SOCIAL ENGINEERING
Social
Engineering
On The
Rise
Are you familiar with the concept of social engineering ? If not , you are not alone . Social engineering is the potentially devastating practice of extracting critical financial or other company information from an unsuspecting employee . The employee , trying to be helpful and cooperative on the job , will often respond to these innocentseeming inquiries and make a payment directly to a hacker ’ s bank account rather than a legitimate vendor , client , or supplier .
Say you are an employee in the accounting department for a large manufacturer . You receive an email purportedly from a vendor with whom you have worked for many years , claiming that the vendor has changed banks and is requesting that payments be redirected to a new account . When the actual vendor comes forward seeking payment some time later , the employee realizes that he or she has been scammed and the company is out a large sum of money . In this case , nobody hacked into an account or used technology to blindside someone without their knowledge . The victim willingly did as requested by the hacker and made payment directly to the criminal .
Once you understand the concept of social engineering — or more specifically “ phishing ”— as illustrated in this example , you can see how any business can be vulnerable to this type of attack . Employees that are used to “ going the extra mile ” in their jobs may think nothing of complying with a change request or request for information , seeing them as a typical part of their job .
These attacks are not limited to large companies either . According to the FBI website , “ Victims range from large corporations to tech companies to small businesses to non-profit organizations .” The agency reports that from October 2013 to February 2016 , more than 17,642 social engineering victims from across the United States were defrauded of over $ 2.3 billion .
There are steps companies can take to help guard against such attacks , beginning with education . All companies should warn employees about this practice , raising awareness of the problem and training them to do their homework before blindly complying with every request . The company should also implement safeguards , such as double-authentication measures where requests for information or change orders are verified directly with the affected party .
Companies should also protect themselves by adding Social Engineering coverage — which covers losses in the event that an employee transfers money to an unauthorized party as the result of identity deception — to their Crime Insurance policy or Cyber Insurance policy . Like all insurance products , policies vary with respect to coverage limits , exclusions , pricing , and other criteria . An agency experienced in crime insurance and cyber insurance , like Atlas , can be helpful in analyzing and comparing policies and in recommending the best option for your particular situation .
The best advice we can give is don ’ t wait ! Like thousands of other companies , you may be a victim of a social engineering scheme without even realizing it , so act now to protect your business . Visit us online at www . atlasinsurance . com or call us at ( 808 ) -628-5320 to learn more about how we can help . +
BY : SANDY FERRERIA , ATLAS INSURANCE
Sandy joined Atlas Insurance Agency in September 2004 . Her experience includes over twenty years of industry knowledge . She assists our risk management clientele with day-to-day servicing , consulting services , and insurance placements . Sandy spent six years with Arthur J . Gallagher prior to joining Atlas . Sandy has experience with clients such as Island Movers , Hawaiian Host , Central Pacific Bank , Island Holdings , and Tradewind Capital Group .
30
SOCIAL ENGINEERING
A
re you familiar with the
concept of social engineering?
If not, you are not alone.
Social engineering is the
potentially devastating
practice of extracting critical financial
or other company information from an
unsuspecting employee. The employee,
trying to be helpful and cooperative on the
job, will often respond to these innocent-
seeming inquiries and make a payment
directly to a hacker’s bank account rather
than a legitimate vendor, client, or supplier.
Say you are an employee in the accounting
department for a large manufacturer.
You receive an email purportedly from
a vendor with whom you have worked
for many years, claiming that the vendor
has changed banks and is requesting
that payments be redirected to a new
account. When the actual vendor comes
forward seeking payment some time later,
the employee realizes that he or she has
been scammed and the company is out a
large sum of money. In this case, nobody
hacked into an account or used technology
to blindside someone without their
knowledge. The victim willingly did as
requested by the hacker and made payment
directly to the criminal.
Once you understand the concept of
social engineering—or more specifically
“phishing”—as illustrated in this example,
you can see how any business can be
vulnerable to this type of attack. Employees
that are used to “going the extra mile” in
their jobs may think nothing of complying
30
Social
Engineering
On The
Rise
with a change request or request for
information, seeing them as a typical part
of their job. analyzing and comparing policies and in
recommending the best option for your
particular situation.
These attacks are not limited to large
companies either. According to the
FBI website, “Victims range from large
corporations to tech companies to small
businesses to non-profit organizations.”
The agency reports that from October
2013 to February 2016, more than
17,642 social engineering victims from
across the United States were defrauded of
over $2.3 billion. The best advice we can give is don’t wait!
Like thousands of other companies, you
may be a victim of a social engineering
scheme without even realizing it, so act
now to protect your business. Visit us
online at www.atlasinsurance.com or call
us at (808)-628-5320 to learn more about
how we can help. +
There are steps companies can take to help
guard against such attacks, beginning with
education. All companies should warn
employees about this practice, raising
awareness of the problem and training
them to do their homework before
blindly complying with every request.
The company should also implement
safeguards, such as double-authentication
measures where requests for information
or change orders are verified directly with
the affected party.
Companies should also protect themselves
by adding Social Engineering coverage—
which covers losses in the event that
an employee transfers money to an
unauthorized party as the result of identity
deception—to their Crime Insurance
policy or Cyber Insurance policy. Like all
insurance products, policies vary with
respect to coverage limits, exclusions,
pricing, and other criteria. An agency
experienced in crime insurance and cyber
insurance, like Atlas, can be helpful in
BY: SANDY FERRERIA,
ATLAS INSURANCE
Sandy joined Atlas Insurance Agency in
September 2004. Her experience includes
over twenty years of industry knowledge.
She assists our risk management clientele
wit ^K]�Y^H�\��X�[���ۜ�[[��\��X�\�[�[��\�[��HX�[Y[�˂��[�H�[��^YX\���]\�\�����[Y�\��[܈���[�[��]\ˈ�[�B�\�^\�Y[��H�]�Y[���X�\�\�[��[ݙ\��]�ZZX[����[��[X�Y�X�[��\�[��[���[��Y]�[���\][ܛ�\