What is Social Engineering?

Social engineering is a tactic used by criminals to trick people into divulging personal or financial information. There is no limit to the lengths they will go to in order to gather this information.

Methods they use to carry out these acts include:

  • Emails with links or downloads, supposedly from a source that you know, or a government department, known as phishing
  • Phone calls claiming to be from your bank, credit card provider, or the police, known as vishing
  • Phone calls claiming to be from your IT provider, looking for login details or remote access, so they can infect your system with malware
  • USB sticks, memory cards, CD-ROM/DVD-ROMs, or other storage media that contain malware and have been deliberately left lying around, known as baiting
  • Allowing criminals physical access to computers, servers, or mobile devices

What preventive measures can I implement?

  • Make your staff aware of the risks; training on cyber security is available
  • Have procedures in place to deal with matters such as:
    • The sharing of confidential or financial company and customer data with others
    • The checking of your suppliers to ensure they are genuine
    • A supplier’s or customer’s change of bank account or other details
    • The use of external storage devices, or employees’ mobile devices
  • Slow down. Spammers want you to act first and think later
  • Be suspicious of any unsolicited emails or text messages
  • Delete any requests for financial information or passwords
  • Reject requests for help, or offers of help. Legitimate companies and organizations do not contact you to provide help
  • Don’t follow a link in an email to a site you want to visit; find the website yourself using a search engine
  • Hovering over links or email addresses in an email will show the actual URL / email address at the bottom, but a good fraudster can still steer you in the wrong direction, so be vigilant
  • Curiosity leads to careless clicking – if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email; it is easy for a scammer to pretend you’re talking to a bank teller
  • Email hijacking is now a common way for hackers, spammers, and social engineers to take control of people’s email accounts (and other communication accounts). Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, check with your friend before opening links or downloading, especially if it contains instructions to make payments
  • Beware of any download. If you don’t know the sender personally, or expect a file from them, downloading anything is a mistake
  • Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam
  • Set your spam filters to high
  • Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date
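
The hover check in the list above can also be automated for mail arriving in a shared mailbox or filter. The sketch below is an added example, not part of the original page: it parses a message with Python's standard library and reports links whose visible text names one site while the link itself points to another. The message and all domain names are constructed placeholders, and host_of, LinkCollector and mismatched_links are names chosen for this example.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every domain is a reserved placeholder name.
SAMPLE = """\
From: alerts@mybank.example
Content-Type: text/html; charset="utf-8"

<p>Confirm your details at
<a href="https://mybank.example.account-check.test/login">www.mybank.example</a>
or visit <a href="https://www.mybank.example/">mybank.example</a>.</p>
"""

def host_of(text):
    """Host named in text (leading 'www.' dropped), or None if it is not URL-like."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return None
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:  # malformed URL, e.g. unbalanced brackets
        return None
    return (host[4:] if host.startswith("www.") else host) or None

class LinkCollector(HTMLParser):
    # Collects (visible text, href) for each <a> element in the HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(raw_email):
    """Return (shown text, real href) pairs where the two name different hosts."""
    body = message_from_string(raw_email, policy=default).get_body(("html",))
    if body is None:  # no HTML part, so there is nothing to compare
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    return [(t, h) for t, h in collector.links
            if host_of(t) and host_of(h) and host_of(t) != host_of(h)]
```

A link with generic text such as "click here" is not flagged, so treat this as one signal alongside the other checks in the list.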

What insurance cover is available?

Many people are under the impression that they are automatically covered under their commercial, cyber, or crime policies. However, in most cases it is either excluded by policy wordings such as the following, or the cover that is provided is very limited:

 “The insurer pays the insured for direct loss of money sustained by the insured resulting from fraudulently transferred funds committed by a third party.

Social engineering is an act of fraud and whilst the insured is the victim, because you have given consent to the transfer of funds, albeit based on a lie by the fraudster, the cover may not be triggered”.

However, there are a number of insurers who are offering cover by using specific extensions under crime or cyber policies, but we would urge you to be cautious and ensure that you are fully aware of any specific terms and limitations of the cover before purchase.

If you would like more information on social engineering, please give us a call on 0330 431 133.