Most companies are aware of their ransomware and data breach exposures and the urgent need for cyber liability insurance. However, other exposures stem from scams that exploit human weaknesses. Worse yet, losses caused by employee mistakes may not be covered by standard policies. That’s why your business may want to consider social engineering coverage.
What Is Social Engineering?
Social engineering scams work by tricking people into doing something. Usually, that something involves diverting funds or revealing sensitive information. Unlike malware attacks, these ploys don’t need to find vulnerabilities in computer networks or programs to work. They can also be quite convincing and targeted.
Scammers are always coming up with new tricks, but here are some common and costly social engineering schemes:
- Phishing and Spear Phishing: Phishing attacks have been around for a while now, and they probably won’t go away anytime soon. A typical attack might use a text or email that looks like it comes from a well-known company and instructs the recipient to click a link or enter information. Spear phishing attacks target specific individuals.
- Business Email Compromise: According to the FBI, business email compromise scams are among the most financially damaging online crimes. These attacks typically target an individual at a company using spoofed emails that appear to come from a trusted vendor, client or other contact. The scammer will request a wire transfer that sounds legitimate, but is not.
- Payroll Diversion Fraud: These days, many employees are paid via direct deposit. In payroll diversion schemes, fraudsters submit their own direct deposit information in place of an employee’s. The FBI has warned that recent schemes have also involved phishing attacks designed to get employee login credentials.
A Growing Threat
Social engineering schemes are costly, and the threat may be increasing.
In 2019, the Internet Crime Complaint Center (IC3) received 23,775 business email compromise or email account compromise complaints, representing losses of more than $1.7 billion. There were also 114,702 reported victims of phishing or related scams, with losses of $57,836,379.
Several factors could make the situation even worse.
Many people switched to remote work because of the COVID-19 pandemic, and some of these arrangements might be permanent. In addition to the inherent computer security risks, remote work may also make it harder to verify information face-to-face, leaving people vulnerable to social engineering fraud. Back in April, the FBI warned that business email compromise scams related to COVID-19 were expected to rise, and several examples had been seen already.
And don’t assume that using video or audio verification will eliminate the risk. Deepfake technology, which can produce fake but convincing videos, may be used in some scams. According to Forbes, scammers used a deepfake voice model to trick an employee into thinking he was talking to his boss so he would make a wire transfer for $243,000.
Your Business Might Not Be Covered
Social engineering schemes are common and costly. Even worse, they may not be covered under standard insurance policies.
According to Insurance Business Magazine, claims for social engineering may be denied by crime/fidelity policies because these claims don’t involve direct fraud. For example, in business email compromise schemes, the wire transfer is not carried out by the scammer – it’s carried out by an employee.
However, it is possible to secure coverage with a social engineering endorsement. Given the current risk of business email compromise and other social engineering schemes, this may be good coverage to have. Contact us to learn more.