Why Your Business May Need Social Engineering Coverage
Most companies are aware of their ransomware and data breach exposures and the urgent need for cyber liability insurance. However, there are other exposures that exploit human nature and gaps in internal controls. Worse yet, losses caused by employee mistakes may not be covered by standard liability coverage. That’s why you may want to consider adding social engineering fraud coverage to your business insurance policy.
Social Engineering Attacks
Social engineering attacks work by tricking people into doing something. Usually, that something involves diverting funds or revealing sensitive information. Unlike traditional computer fraud attacks, these ploys don’t need to find vulnerabilities in computer networks or programs to work. They can also be quite convincing and targeted.
Scammers are always coming up with new tricks, but here are some common and costly social engineering schemes:
- Phishing and Spear Phishing: Phishing attacks have been around for a while now, and they probably won’t go away anytime soon. A typical attack might use a text or email that looks like it comes from a well-known company and instructs the recipient to click a link or enter information. In spear phishing attacks, individuals are targeted.
- Business Email Compromise: According to the FBI, email compromise scams are one of the most financially damaging online crimes. These attacks typically target an account executive or another employee of a company using spoofed emails that appear to come from a trusted vendor, client or other contact in hopes of gaining access to the company bank account. The scammer will then request a wire transfer from the business's financial institution that sounds legitimate, but is not.
- Payroll Diversion Fraud: These days, many employees are paid via direct deposit. In payroll diversion schemes, fraudsters provide their own direct deposit information. The FBI has warned that recent schemes have also involved phishing attacks designed to get employee login credentials.
Social Engineering Fraud: A Growing Threat
Social engineering schemes are costly, and the threat may be increasing.
In 2019, the Internet Crime Complaint Center (IC3) received 23,775 business email compromise or email account compromise complaints, representing social engineering fraud losses of more than $1.7 billion. There were also 114,702 reported victims of phishing or related scams, with losses of $57,836,379.
Several factors could make the situation even worse.
Many people switched to remote work because of the COVID-19 pandemic, and some of these arrangements might be permanent. In addition to the inherent computer security risks, remote work may also make it harder to verify information face-to-face, leaving people vulnerable to social engineering fraud. Back in April, the FBI warned that email compromise scams related to COVID-19 were expected to rise, and several examples had been seen already.
And don’t assume that risk management security measures like video or audio verification will eliminate the risk. Deepfake technology, which can produce fake but convincing videos, may be used in some scams. According to Forbes, scammers used a deepfake voice model to trick an employee into thinking he was talking to his boss so he would make a wire transfer for $243,000.
Social Engineering Fraud Coverage
Both computer fraud and social engineering schemes are common and costly. Even worse, they may not be covered under standard insurance policies.
According to Insurance Business Magazine, social engineering claims may be denied by a fidelity or crime insurance policy because these claims don’t involve direct fraud. For example, in business email compromise schemes, the wire transfer is not carried out by the scammer – it’s carried out by an employee.
However, it is possible to secure coverage with a social engineering endorsement. Given the current risk of business email compromise and other social engineering schemes, this may be good coverage to have. Contact a Higginbotham insurance broker to learn more about our risk mitigation and insurance solutions.