What is Social Engineering Fraud Insurance?
Social engineering crime in simple terms is when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals.
Social engineering fraud is a form of cyber (internet-based) crime. With seven out of 10 businesses experiencing some type of cyber-attack in the past 5 years, it’s a problem for both small and large businesses.
Cyber Insurance is a specific type of insurance policy that has been developed to cover loss of money, data and confidential information stolen by cyber-criminals.
Types of social engineering
Social engineering fraud is difficult to identify and far from black and white; however, it can be either of two common fraud types.
Involves person-to-person communication such as:
- Posing as an authorised user (like your boss),
- Posing as a third-party stakeholder,
- Shoulder surfing to gain private credentials, and;
- Dumpster diving to check your computer's trash for valuable information.
This approach generally targets victims via computer software, often achieved by:
- Baiting - uses false promises to incite curiosity and greed in the victim
- Phishing - uses spam email and text messages to trick users into entering their personal info, clicking malicious links, or downloading attachments that contain malware.
- Pretexting - falsely mimics an authoritative person to gather information (policeman, doctor, bank representatives, etc.)
- Spear phishing - more targeted emails or texts that mimic someone the person knows, especially in a business context, such as the victim's employer, using personal information to trick the person into believing the criminal is real.
- Scareware - arouses fear and panic in its victim so the victim will act, such as paying a fake bill or calling before a service is suspended for non-payment.
Unfortunately, these types of crimes can and do frequently go unnoticed until the confidential data has been stolen or funds have been transferred and it’s too late to recover them. It’s difficult to eliminate the risk of social engineering fraud, and criminals are increasing their attacks. Fortunately, you can get a comprehensive Cyber insurance policy that can include Social Engineering to cover losses caused by these attacks.
WHY IS SOCIAL ENGINEERING FRAUD INSURANCE IMPORTANT?
Businesses are becoming more integrated into the digital community, from banking and health insurance to buying goods or services online. This leaves a lot of ways that people and companies can be exposed. In Australia, a cybercrime report is made approximately every eight minutes.
While anyone can be the subject of social engineering attacks, there are certain groups scammers typically target due to factors including seniority, access to sensitive information, or ability to access systems, such as:
• High profile individuals,
• Senior management,
• System administrators, and;
• Staff members (mainly from finance, legal, etc.).
Ultimately, no matter what your position is within the organisation or what cyber defenses exist, no one is really immune to being scammed and becoming a victim of social engineering or cybercrime.
As part of your risk management, a social engineering insurance policy can minimise the impact and financial loss to the business.
WHAT DOES SOCIAL ENGINEERING FRAUD INSURANCE COVER?
It’s important to know that cyber risks and social engineering fraud are not usually covered under the normal business insurance policy, so they have to be looked at separately.
As mentioned, Social Engineering Fraud cover is part of a Cyber Insurance policy which covers:
● Incident response – specialists to identify the breach and remove the cause;
● Financial loss and additional costs due to the incident;
● Data recovery and restoration;
● Legal defence costs;
● Cyber extortion management and fees;
● Crisis and PR management of the incident; and
Your policy should extend to cover losses from:
● Vendor/supplier impersonation
● Executive impersonation
● Client impersonation
Because different businesses and industries have different levels of complexity and risk, we recommend talking with your insurance adviser. They are professionals who will work with you to understand your business risks, provide you with advice to manage those risks, and recommend the best insurance options and solutions.
Frequently Asked Questions
● What is an example of social engineering?
Social engineering crime, in simple terms, is when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals. Examples include phishing, which tricks users into entering their personal info, clicking malicious links, or downloading attachments that contain malware, giving the criminal access to the computer.
● What are the 5 social engineering attacks?
The five most common social engineering attacks are (1) baiting, (2) phishing, (3) pretexting, (4) spear phishing, and (5) scareware.
● What is social engineering phishing? Give an example.
Phishing is a social engineering trick that sends out spam emails or texts to trick users into entering their personal info, clicking malicious links, or downloading attachments that contain malware, giving the criminal access to the computer. A malicious link may redirect the victim to a scam webpage, where the victim is tricked into handing over sensitive personal information.
● Is social engineering fraud a type of cybercrime in Australia?
Yes, many forms of social engineering happen within cyberspace. A criminal pretends to be someone else and tricks the victim into giving them information, access to their computer, or transferring money. Any social engineering tactic constitutes fraud and qualifies as cybercrime.