How to Spot Pinocchio … 5 Top Tips to Help Companies Avoid Social Engineering Fraud
Social engineering fraud is constantly evolving. So, what are the current characteristics most commonly associated with these frauds and what should insurers be warning their clients about when offering crime insurance?
Our crime lead, Ruth Willmington, advises on the 5 main points to look out for:
- Email account compromise
To action more persuasive and effective attacks, fraudsters may compromise the email accounts of insureds or their suppliers or customers. By doing this, they can use historic correspondence to gather information on business operations, trading and expected payments. Fraudsters also commonly send emails from the compromised accounts themselves and set up email diverts so that legitimate correspondence surrounding a transaction can be intercepted and manipulated. System security, including multifactor authentication, can help prevent these compromises – although removing the risk entirely is extremely difficult.
- Lack of telephone call back
Almost all frauds we encounter have, in part, been successful because those actioning the payment to the fraudster have not telephoned a trusted number and verified the details surrounding the transaction. This is a relatively easy control and not implementing it leaves companies wide open to fraud.
- Spoofed email accounts
Fraudsters often use email addresses similar to those of the people they are impersonating. Carefully looking at the domain and checking domain information (including when the domain was registered) prior to relying on email correspondence can help to negate the risk associated with this.
- Use of bogus telephone numbers
Fraudsters may provide their own telephone numbers if individuals ask to speak with them to verify bank details. For this reason, the use of trusted and verified telephone numbers is absolutely critical.
- Payments to unusual jurisdictions
Whilst not all of these types of frauds involve payments to unusual jurisdictions, a number of them still do. Knowing where beneficiaries are located and sense-checking banking information against this is a helpful tool.
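The domain check described under "Spoofed email accounts" can be partly automated. The following is an added example, not part of the original article: it flags sender domains that imitate a trusted one and domains that were registered recently. The trusted-domain list, substitution table, 90-day threshold and sample addresses are constructed assumptions, and the registration date must come from a WHOIS/RDAP lookup performed separately.

```python
from datetime import date

# Constructed sample data: supplier domains the finance team already trusts.
TRUSTED = ("acme-supplies.co.uk", "northbank-logistics.com")
# Common visual substitutions seen in lookalike domains (assumed, not exhaustive).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain):
    """Collapse visually similar characters so lookalikes compare equal."""
    d = domain.lower()
    for fake, real in SWAPS:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(address, registered_on=None, today=None, max_age_days=90):
    """Return warnings for a sender address; an empty list means no flags.

    registered_on is the domain's registration date, obtained by the caller
    from a WHOIS/RDAP lookup (no network lookup is performed here).
    """
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED:
        return []
    warnings = []
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            warnings.append(f"lookalike of {good} (character substitution)")
        elif edit_distance(domain, good) <= 2:
            warnings.append(f"lookalike of {good} (near-identical spelling)")
    if registered_on is not None:
        age = ((today or date.today()) - registered_on).days
        if age < max_age_days:
            warnings.append(f"domain registered {age} days ago")
    if not warnings:
        warnings.append("unknown domain: verify by call-back to a trusted number")
    return warnings
```

An exact match against the trusted list only shows that the domain is the expected one; where the account itself has been compromised, the telephone call-back remains the control that matters.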
It’s impossible to be 100% protected from social engineering fraud, and those who succumb should not feel ashamed – but we can all help to make it harder for fraudsters; we hope that sharing these tips with insured clients might help to raise awareness.
If you would like to discuss this in further detail and find out more about the types of claims we are seeing, please get in touch.