Cybercrimes are all too familiar in this age of technology. With businesses performing more and more of their transactions electronically, the threat of becoming a victim of a cybercrime increases dramatically. Cybercrimes can happen in various ways but one of the most common methods is through social engineering.
Social engineering is a technique that exploits a person’s natural tendencies and emotional reactions through deception and manipulation. Once a cyber criminal picks a target, they often monitor a victim and wait until the right opportunity comes along to insert themselves without raising suspicion. Two of the most common forms of social engineering are phishing and vishing. Phishing is when a cyber criminal fraudulently obtains private information usually through email. Vishing is when the phishing scam is conducted over the phone.
Phishing: Company pays a fake carrier. A property broker’s carrier that they often use, emails their accounting rep requesting payment status on an invoice. The carrier advises that they switched banks and submitted signed forms so the property broker should update their records. Two days later, the property broker pays the $21,619 invoice via ACH. Fortunately, the bank receiving the funds notices the large amount entering a personal bank account as well as the quick withdrawal which prompts them to call the property broker. The property broker then calls their carrier only to find out they didn’t switch banks.
In this example, the cyber criminal was observing the electronic conversations between the broker and carrier and jumped into the conversation via email at the right time posing as the carrier.
Vishing: Company pays a fictitious vendor. A freight forwarding company was planning a large event to celebrate their 25th anniversary. A hundred guests had been invited to the event at a nice restaurant. The “restaurant manager” called to request a $5000 deposit to secure the reservation and the freight forwarder complied. A few days later, the company still didn’t receive confirmation of the reservation and called the restaurant. The restaurant didn’t request the deposit and never received any payment.
In this example, the criminal posed as the restaurant over the phone, requested the money, and then disappeared.
Certain types of social engineering may not be covered under your current cyber liability policy and this could result in a costly exposure to you. Don’t wait until you are a victim to find out if you have coverage. For more information on our Cyber Defense Package, contact your local Avalon representative or
click here.