Risk & Business Magazine Rogers Insurance Spring 2016 | Page 7
to authentic addresses. When responding to requests that
ask for confidential or sensitive information to be disclosed
or altered, closely verify the address and start a new email
chain to the known address to carry on the communication.
Whenever possible, however, you should avoid using email to
complete these types of transactions. Remember, though, that a
correct email address does not mean the email is legitimate.
Continue to be vigilant.
Verify with a known source
Fraudulent emails may originate from a legitimate email
address (the account may have been hacked). Whenever
you are asked to make changes that involve sensitive or
confidential information (payment/banking info, contact
information, primary contact person, mailing address, etc.),
always verify with a known contact that the person who
contacted you is authorized to make those changes and is who
they say they are. Pick up the phone or, when possible, meet in
person to confirm.
Be upfront if you think you’ve been a victim
It happens more than we’d like. If you think you may have
been the target of a social engineering attack, successful or
not, tell your manager so that they can act early. Sometimes
it is only in hindsight that you realize something
was off. Often a quick response can minimize the damage.
Hiding it, avoiding it or hoping it goes away will only ensure
that the potential loss is bigger and/or h