Morrison insurance Solutions

What is Social Engineering?

What is Social Engineering?

Social Engineering is a tactic used by criminals to trick people into divulging personal or financial information. The lengths they will go to, to gather this information, has no limits.

Methods they use to carry out these acts include;

bullet-arror.gifEmails with links or downloads, supposedly from a source that you know, or a government department, known as phishing

bullet-arror.gifPhone calls claiming to be from your bank, credit card provider, or the police, known as vishing

bullet-arror.gifPhone calls claiming to be your IT provider, looking for login details or remote access, so they infect your system with malware

bullet-arror.gifUSB sticks, memory cards, CD-ROM/DVD-ROMs, or other storage mediums that have been deliberately left lying around, that contain malware, known as baiting

bullet-arror.gifAllowing criminals physical access to computers, servers, or mobile devices

What preventive measures can I implement?

bullet-arror.gifMake your staff aware of the risks, training on cyber security is available

bullet-arror.gifHave procedures in place to deal with matters, such as;

bullet-arror.gifThe sharing of confidential or financial company and customer data with others

bullet-arror.gifThe checking of your suppliers to ensure they are genuine

bullet-arror.gifA suppliers or customers change of bank account or other details

bullet-arror.gifThe use of external storage devices, or employee’s mobile devices

bullet-arror.gifSlow down, spammers want you to act first and think later

bullet-arror.gifBe suspicious of any unsolicited emails or text messages

bullet-arror.gifDelete any requests for financial information or passwords

bullet-arror.gifReject requests for help, or offers of help. Legitimate companies and organizations do not contact you to provide help

bullet-arror.gifDon’t follow a link in an email to a site you want to visit, find the website yourself using a search engine

bullet-arror.gifHovering over links or email addresses in an email will show the actual URL / email address at the bottom, but a good fraudster can still steer you in the wrong direction, so be vigilant

bullet-arror.gifCuriosity leads to careless clicking – if you don’t know what the email is about, clicking links is a poor choice. Similarly, never use phone numbers from the email; it is easy for a scammer to pretend you’re talking to a bank teller

bullet-arror.gifEmail hijacking is now a common way for hackers, spammers, and social engineers to take over control of people’s email accounts (and other communication accounts). Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment, check with your friend before opening links or downloading, especially if it is instructions to make payments

bullet-arror.gifBeware of any download. If you don’t know the sender personally, or expect a file from them, downloading anything is a mistake

bullet-arror.gifForeign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam

bullet-arror.gifSet your spam filters to high

bullet-arror.gifSecure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date

What insurance cover is available?

Many people are under the impression that they are automatically covered under their commercial, cyber, or crime policies, however in most cases it is either excluded by policy wordings, such as the following or the cover that is provided is very limited;

 “The insurer pays the insured for direct loss of money sustained by the insured resulting from fraudulently transferred funds committed by a third party.

Social engineering is an act of fraud and whilst the insured is the victim, because you have given consent to the transfer of funds, albeit based on a lie by the fraudster, the cover may not be triggered”.

However, there are a number of insurers who are offering cover by using specific extensions under crime or cyber policies, but we would urge you to be cautious and ensure that you are fully aware of any specific terms and limitations of the cover before purchase.

If you would like more information on social engineering, please give us a call on 0330 431 133.

<< Back to News