Although we hear a lot about hackers, social engineering and false pretense scams are on the rise for businesses. In fact, the Poneman Institute ranked it among the top 5 costly cybercrimes.
How Do Cybercrimes and Scams Work?
Phishing is the most common social engineering tactic used by fraudsters. The fraudster recreates the website or portal of a company and sends the link to numerous targets via email. Then, the person the email is sent to clicks on the link without realizing it’s fake. This compromises personal information like credit card details.
Another increasingly common social engineering scam affecting U.S. businesses is wire transfer fraud. Wire transfer scams intentionally mislead unsuspecting employees into sending money or diverting payments to fraudsters. These scammers are usually impersonating vendors, clients, customers, and senior executives or business owners.
Common Cybercrimes and Scamming Strategies:
- First, the fraudster sends an email from someone pretending to be a vendor, customer, or client. In other cases, they may pose as an owner, senior executive, or employee. Then, the scammer’s email will request a transfer of funds and will trick the company into wiring funds into a specific bank account under the control of the fraudster.
- In this scenario, the fraudster assumes the identity of a company vendor and uses email that appears to be legitimate. Often, this is from a compromised email account or a similar but slightly altered domain name. They will be sent to an employee who the fraudster knows is in a position to transfer funds. The email identifies themselves as a valid vendor, and advises the employee that they have changed bank accounts and to send the payments to the new bank.
Could a Cybercrime Really Happen to You? Real Scam Stories.
- A CFO working remotely apparently sent a request to the controller for a $143,000 wire transfer to a trusted vendor. This was a routine procedure. After completing the transfer, they discovered a fraudster spoofed the CFO’s email address. It was all a con.
- A fraudster created fake email addresses for the VP of Finance and their suppliers that were off by just one character, and not noticed by either party. After an email exchange through fake addresses, the VP of Finance transferred a $1.3 million payment to the supplier account provided in the email. Unfortunately, this turned out to be a fake account in another country.
- Watch this news clip of a false pretense loss which happened to a Catholic church in Cleveland.
The church that was the victim of a social engineering/false pretense scam was working with their insurance company to file a claim. Hopefully, their insurance policy covered social engineering fraud and they were able to recover some of 1.75 million lost in the scam.
Want to learn more about False Pretense coverage or other cyber crime insurance? Social engineering false pretense related attacks on businesses have risen 91 percent over the past year. Additionally, they often lead to business interruptions and costly claims. In order to truly protect your organization, it’s critical to know what your business insurance covers and add additional coverage if necessary to protect against losses from false pretense scams or other cyber crimes. Contact a Healy Group Commercial Insurance & Risk Management advisor today.
About the Author:
John Kersey joined Healy Group in 2003 and has 30 years of experience designing risk management programs for commercial clients. As a risk management advisor, John strives to build strong relationships with his clients and business partners to understand their needs better and provide the best risk management strategies for their unique situations.