Social engineering is becoming a frequent occurrence and it may be excluded from Cyber Liability policies. This cyber incident uses deception and manipulation to obtain confidential information, gain access to systems, or commit fraudulent acts. Contrary to other types of cyber attacks, this one relies on human trickery and not on technical hacks. These criminals are often clever and monitor their victims for a while waiting for the best opportunity to insert themselves without raising suspicion. Consider these two examples of how social engineering can lead to a financial loss.
CEO sends funds to the “CFO”. A brokerage firm is expanding their business and opening a second office on the east coast. They have been working for months to set up the new location and are in final negotiations to secure a lease on the building. The CEO receives an email from the “CFO” asking him to wire $10,000 to the landlord. Glad to finally have a contract, CEO does so without hesitation. Later in the week, the CEO sees the CFO in the office and asks about the status of the lease. The CFO said that they are still in negotiations and never asked for any money. It turns out that a criminal posed as the CFO and the money was transferred into a fraudulent account.
Company pays a fabricated vendor. A freight forwarding company is planning a large event to celebrate their 25th anniversary. A hundred guest have been invited to an evening at a nice restaurant. The “restaurant manager” calls to request a $5000 deposit to secure the reservation and they complied. A few days later, the company still didn’t receive confirmation of the reservation and calls the restaurant. The restaurant didn’t request the money and they certainly didn’t receive it. The criminal posed as the restaurant, requested the money, and then disappeared.
Next time someone ask you to send money, confirm with the requestor through another channel to ensure that it is a legitimate request. Don’t be a victim. Furthermore, social engineering is often excluded from a crime policy and may not be covered under a cyber liability policy. With electronic communication becoming the common mode of doing financial transactions, you want to be protected. Learn more about cyber security by contacting your local Avalon representative or visit our Cyber Liability page.
The Quest Newsletter is designed to provide critical information in the transportation industry. Avalon Risk Management is not responsible for the accuracy or reliability of information contained in articles. The reader/user assumes all risk in the use of such information.