Growing up in NYC in the late 1980s and early 90s, you learned from an early age to avoid “criminals” or at least to avoid situations where you could encounter one. “Don’t take the subway at night! Don’t leave the door unlocked!”
Crime has changed.
Now, a faceless individual sits in an apartment half a world away, pretending to be your boss, asking for the office credit card so that they can buy a new printer. $50,000 later, your business is the latest statistic in a growing phenomenon known as Social Engineering Fraud.
The broadest definition of Social Engineering Fraud is someone pretending to be someone else in order to steal money or information.
- Phishing (“Please enter your email password to open this file.”)
- Baiting (“The file was named 2020Payroll.pdf!”)
- Scareware (“A pop-up on your site said I had 12 viruses!”)
- Pretexting (“I’m a police officer, you need to trust me!”),
And even Spear-phishing, where a hacker pretends to be a specific person that you trust, can *all* leave your business – and your reputation – deep in debt.
“My, Grandmother, what big eyes you have! The better to see you with, my dear!”
But how do you protect yourself and spot the wolf before he bites a hole in your bank account?
First and foremost, the best defense against Social Engineering Fraud is a well-trained and attentive staff. Remember, if something doesn’t seem right, always call the recipient to verify their identity *before* you send any money. When calling, use the phone number you have on file rather than a phone number included in the email message you’re questioning. On the note of verifying emails and phone numbers – an incoming email with an incorrect sender address should be a dead giveaway.
Your second-best defense is a good offense. Antivirus software with a strong firewall and email monitoring is a must in this day and age – and we live in a world where user reviews are easy to find, so you should have no problem finding one that you like in a price range that you can afford. Taking that a step further, a few hundred dollars for good protective software should far outweigh the tens of thousands of dollars that usually results from a loss due to Social Engineering Fraud.
Third and finally, you need to speak with your insurance agent or broker and ensure that you have the right coverage to protect against such a loss. Commercial Crime policies can typically be written or endorsed to add coverage for Social Engineering Fraud, and Cyber Insurance policies can sometimes offer coverage as well.