While many business owners fear cyber attacks that will gain access to important information, it’s important to recognize that you could be handing these assets right to a hacker if you’re not diligent. Social engineering attacks involve a hacker deceiving an individual into giving away private information, which can include passwords and PINs that give the hacker access to a confidential system, account, or database.
What makes social engineering fraud even more dangerous is the fact that the information was freely given to a hacker. Because of this, social engineering attacks can make it very difficult to recover any lost or damaged assets.
For example, a financial controller of a law firm was notified, apparently by the firm’s bank, of a suspicious wire transfer. The financial controller provided the bank account’s password and PIN to the individual, who he thought was a trusted source from the bank. The next day, he contacted the bank to check on the account, only to learn that they had no record of the prior day’s conversation and that the firm’s funds had been transferred to an overseas account. No reimbursement was offered by the bank, as this was an authorized transaction.
Because this law firm had cyber insurance, they were able to recover the lost funds, less their policy deductible. Without a cyber policy, they would have suffered serious financial damages.
Social Engineering: Understanding the Type of Attack
As we utilize technology and the internet more and in new ways, new forms of cyber attacks follow. It’s important to understand the type of social engineering you may be facing to best protect yourself from it.
Phishing scams are cyber attacks (often delivered by email) in which the hacker tricks an internet user into providing private or personal information that the hacker can use to access private systems, accounts, and databases. The best way to protect yourself from phishing attacks is to learn to identify them so they can’t trick you into providing any information you wouldn’t want to give out.
- Check the Subject Line: Many phishing emails try to lure you in with notices of overdue invoices, account issues, or other warnings.
- Check the Greeting: If an email is from a legitimate business or organization, the greeting will usually include your name. A phishing attempt may say “Dear Customer.”
- Check for Grammar & Spelling Errors: Spelling and grammatical errors are a red flag. Take a closer look before you click on anything.
In addition, do not click on any embedded links in a suspicious email, and make sure your computer’s security software remains up to date. When in doubt about an email, it’s always best to contact the individual or organization directly.
Vishing scams use voice communication, in which caller identity can be spoofed. This may come in the form of a phone call or an email that asks you to contact a certain number. It’s important to double-check anything a representative tells you on the phone to make sure they are a trusted source. As with phishing, they will often use scare tactics to trick you into giving away information quickly.
Smishing is a cyber attack that exploits SMS and other text messages. These texts may contain links that automatically pull up an email, text, or website.
While it’s important to ensure you’re prepared to identify and prevent a potential social engineering attack, it’s even more essential to prepare for the worst. As cyber attacks evolve every day, it’s best to prepare not for if, but for when you’ll fall victim.
A cyber liability insurance policy can protect you from both first and third-party risks, as well as business interruption and digital asset damages.
To learn more about a cyber liability insurance policy, contact a ProWriters expert today! Or call us at 484-321-2335.