5 Ways to Avoid a Social Engineering Claim
Yesteryears’ con artists (who operate in the physical space) are quickly being replaced by social engineers (who operate in the cyber space). Regardless of the medium, the end result is the same – victims are fooled by persons claiming to be someone else. A scheme by someone posing to be an employee, company executive, client, vendor or trusted advisor may expose your staffing organization to substantial economic losses.
Social Engineering Claim Example
To put this in perspective, an $80M revenue staffing organization was contacted via phone and email by a social engineer. On each contact, the social engineer obtained additional pieces of information. The social engineer used this information to build credibility as he connected with other employees within the organization. Eventually, the social engineer was able to pose as the organization’s CFO. From there, he directed the controller to wire funds to pay invoices of a new vendor. The fraudulent vendor’s account numbers directed funds to an unknown source. Three fraudulent invoices were paid before the legitimate vendor followed up for payment. The organization then realized the email requests from the CFO to the controller were actually from the social engineer. The net loss to the staffing organization was over $56K.
How to Avoid Becoming a Victim
- Establish a company policy to never provide personal information, or information about your organization, unless you’re certain of the requester’s identity.
- Don’t disclose personal or financial information in email.
- Pay attention to a website’s URL. Malicious websites often look identical to legitimate sites, but the URL may use a variation of spelling.
- Contact the source if you’re unsure whether an email request is legitimate.
- Verify your commercial crime insurance policy includes coverage for social engineering – client impersonation, employee impersonation and vendor or supplier impersonation.
As the face of today’s con artist continues to evolve, so too should your business practices. To learn more about how to protect your organization and avoid a social engineering claim, contact a member of the ‘A’ Team.
- Hand It Over: The Scary Truth about Social Engineering
- Hacktivism: A Growing Threat
- Don't Get Burned by a Cyber Attack
- Cyber Liability E-Book
ABOUT THE AUTHOR