A colleague of mine recently shelled out $150,000 of his own money because he did not have Social Engineering Fraud (SEF) insurance.
Wait – what is SEF insurance, you ask?
Social engineering fraud (SEF) is the use of psychology to manipulate and deceive someone in order to gather information for illegal purposes or to persuade them to take ill-advised actions. By typically pretending to be a known person or legitimate entity, fraudsters will successfully coerce their targets into disclosing sensitive company data or transferring funds to a fraudster’s account.
Attackers search organizations looking for points of vulnerability and use a wide range of tricks – from email or social media phishing scams to phone calls (vishing) and text messaging (smishing).
Examples of Social Engineering Fraud
- Posing as a company’s Chief Financial Officer, a fraudster emails the CEO’s assistant requesting a $155,000 wire transfer to a foreign vendor’s new bank account. Five hours after executing the transfer, the assistant discovers they have been duped.
- A company’s front desk staff receives a call from a fraudster who claims the IT department contacted them about a technical problem. When the well-meaning employee downloads the file sent by the fraudster to “diagnose” the problem, the company’s database is attacked by malware.
All the cyber security in the world cannot fully protect your business from social engineering fraud.
SEF is a widespread problem that affects every type of business, regardless of size or industry sector. The statistics are frightening: social engineering accounts for 98% of all cyber-attacks, and an average organization experiences over 700 social engineering attacks a year.
Which is why it is important to consider social engineering fraud coverage.
SEF insurance coverage offers protection in the event that your business incurs a financial loss due to an employee falling victim to a social engineering scam. It specifically covers losses caused by the good faith transfer of money, securities, or other property as a direct result of fraudulent instructions given by someone posing as a vendor, client, supplier, or other authorized employee.
Some insurers may automatically include limited SEF coverage on a crime or cyber insurance policy. But surprisingly, many insurance policies DO NOT specifically cover SEF.
Reach out to your insurance broker for a review of your policies to see what, if any, coverage you have – and to discuss what coverage might be best for your business.
