SOCIAL ENGINEERING
Social
Engineering
On The
Rise
Are you familiar with the concept of social engineering ? If not , you are not alone . Social engineering is the potentially devastating practice of extracting critical financial or other company information from an unsuspecting employee . The employee , trying to be helpful and cooperative on the job , will often respond to these innocentseeming inquiries and make a payment directly to a hacker ’ s bank account rather than a legitimate vendor , client , or supplier .
Say you are an employee in the accounting department for a large manufacturer . You receive an email purportedly from a vendor with whom you have worked for many years , claiming that the vendor has changed banks and is requesting that payments be redirected to a new account . When the actual vendor comes forward seeking payment some time later , the employee realizes that he or she has been scammed and the company is out a large sum of money . In this case , nobody hacked into an account or used technology to blindside someone without their knowledge . The victim willingly did as requested by the hacker and made payment directly to the criminal .
Once you understand the concept of social engineering — or more specifically “ phishing ”— as illustrated in this example , you can see how any business can be vulnerable to this type of attack . Employees that are used to “ going the extra mile ” in their jobs may think nothing of complying with a change request or request for information , seeing them as a typical part of their job .
These attacks are not limited to large companies either . According to the FBI website , “ Victims range from large corporations to tech companies to small businesses to non-profit organizations .” The agency reports that from October 2013 to February 2016 , more than 17,642 social engineering victims from across the United States were defrauded of over $ 2.3 billion .
There are steps companies can take to help guard against such attacks , beginning with education . All companies should warn employees about this practice , raising awareness of the problem and training them to do their homework before blindly complying with every request . The company should also implement safeguards , such as double-authentication measures where requests for information or change orders are verified directly with the affected party .
Companies should also protect themselves by adding Social Engineering coverage — which covers losses in the event that an employee transfers money to an unauthorized party as the result of identity deception — to their Crime Insurance policy or Cyber Insurance policy . Like all insurance products , policies vary with respect to coverage limits , exclusions , pricing , and other criteria . An agency experienced in crime insurance and cyber insurance , like Atlas , can be helpful in analyzing and comparing policies and in recommending the best option for your particular situation .
The best advice we can give is don ’ t wait ! Like thousands of other companies , you may be a victim of a social engineering scheme without even realizing it , so act now to protect your business . Visit us online at www . atlasinsurance . com or call us at ( 808 ) -628-5320 to learn more about how we can help . +
BY : SANDY FERRERIA , ATLAS INSURANCE
Sandy joined Atlas Insurance Agency in September 2004 . Her experience includes over twenty years of industry knowledge . She assists our risk management clientele with day-to-day servicing , consulting services , and insurance placements . Sandy spent six years with Arthur J . Gallagher prior to joining Atlas . Sandy has experience with clients such as Island Movers , Hawaiian Host , Central Pacific Bank , Island Holdings , and Tradewind Capital Group .
30