What is Social Engineering Fraud Insurance?
Social engineering crime, in simple terms, is when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals. Social engineering fraud is part of a type of cyber (internet-based) crime, with seven out of 10 businesses experiencing some type of cyber-attack in the past 5 years, it’s a problem for both small and large businesses.
Cyber Insurance is a specific type of insurance policy that has been developed to cover the loss of money, data and confidential information stolen by cyber-criminals. Types of social engineering. Social engineering fraud is difficult to identify and far from black and white, however, it can be either of two common fraud types.
Involves person-to-person communication such as:
- Posing as an authorised user (like your boss),
- Posing as a third-party stakeholder,
- Shoulder surfing to gain private credentials and;
- Dumpster diving to check your computer's trash for valuable information.
This approach generally targets victims via computer software, often achieved by:
- Baiting - uses false promises to incite curiosity and greed in the victim
- Phishing - uses spam email and text messages to trick users into entering their personal info, clicking malicious links, or downloading attachments that contain malware.
- Pretexting - falsely mimics an authoritative person to gather information (policeman, doctor, bank representative, etc.)
- Spear phishing - more targeted emails or texts to a person that mimics someone the person knows, especially in the context of business, like the employer of the victim, using personal information to trick the person into believing the criminal is real.
- Scareware - arouses fear and panic in its victim so the victim will act, such as paying a fake bill or calling before service is suspended for non-payment.
Unfortunately, these types of crimes can and do frequently go unnoticed until confidential data has been stolen or funds have been transferred, and it's too late to recover them. It’s difficult to eliminate the risk of social engineering fraud, and criminals are increasing their attacks. Fortunately, you can get a comprehensive Cyber insurance policy that can include Social Engineering to cover losses caused by these attacks.
Why is Social Engineering Fraud Insurance important?
Businesses are becoming more integrated into the digital community, from banking, health insurance and buying goods of services online. This leaves a lot of ways that people and companies can be exposed. In Australia, a cybercrime report is made approximately every eight minutes.
While anyone can be the subject of social engineering attacks, there are certain groups scammers typically target. This is due to factors including seniority, access to sensitive information, or ability to access systems, such as:
- High-profile individuals,
- Senior management,
- System administrators and;
- Staff members (mainly from finance, legal, etc.).
Ultimately, no matter what your position is within the organisation or existing cyber defences, no one really is immune to being scammed and becoming a victim of social engineering or cybercrime.
As part of your risk management, a social engineering insurance policy can minimise the impact and financial loss to the business.
What does Social Engineering Fraud cover?
It’s important to know that cyber risks and social engineering fraud are not usually covered under the normal business insurance policy, so they have to be looked at separately.
As mentioned, Social Engineering Fraud cover is part of a Cyber Insurance policy that covers:
Incident response – specialists to identify the breach and remove the cause;
- Financial loss and additional costs due to the incident;
- Data recovery and restoration;
- Legal defences costs;
- Cyber extortion management and fees;
- Crisis and PR management of the incident; and
Your policy should extend to cover losses from::
- Vendor/ supplier impersonation
- Executive impersonation
- Client impersonation
Because different businesses and industries have different levels of complexity and risk, we recommend talking with your insurance adviser. They are professionals who will work with you to understand your business risks and provide you with advice to manage your risks, and recommend the best insurance options and solutions.
Frequently Asked Questions
● What is an example of social engineering?
Social engineering crime, in simple terms, is when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals. Examples include phishing, this trick users into entering their personal info, clicking malicious links, or downloading attachments that contain malware, giving the criminal access to the computer.
● What are the 5 social engineering attacks?
The five most common social engineering attacks are (1) baiting, (2) phishing, (3) pretexting, (4) spear phishing, and (5) scareware.
● What is a social engineering phishing example?
Phishing is a social engineering trick that sends out spam emails or texts to trick users into entering their personal info, clicking malicious links, and being redirected to a scam webpage, where the victim is tricked into handing over sensitive personal information or downloading attachments that contain malware, giving the criminal access to the computer.
● Is social engineering fraud a type of cybercrime in Australia?
Yes, many forms of social engineering happen within cyberspace. A criminal pretends to be someone else and tricks the victim into giving them information, access to their computer or transferring money, any social engineering tactic constitutes fraud and qualifies as cybercrime.