What is Social Engineering? Common Techniques and Prevention


Cybercriminals keep creating new, advanced social engineering tactics and target small and medium-sized businesses. For example, the FBI estimates that cybercriminals stole more than $28 billion through email fraud from 2016 to 2020, with an average loss per incident of more than $150,000.

Business owners and IT professionals must adapt to these rising social engineering trends to reduce exposure. One of the best ways to keep yourself safe from a social engineering attack is to be able to identify one. Read about what social engineering looks like, attack types to know, and red flags to watch for to avoid becoming a victim of social engineering.

 

What is Social Engineering?

Social engineering can be described as the art of human hacking by impersonating executives, employees, vendors, and suppliers. Social engineering, in its basic form, is the act of tricking an individual into providing commercial or personal information, usually done through technology.

However, unlike technical hacking, which is designed to gain access to systems or data, social engineers exploit human weakness, curiosity, and anxiety, using deception to manipulate people and then using the information gathered for fraudulent purposes. The most common social engineering attack is the unintended payment or transfer of funds made to cyber scammers through this deception.

 

Social Engineering Claim Scenario

Consider this claim example of a social engineering scam on a business:

The company accountant receives an email from the CEO that looks legitimate but is fake and includes a link to a login page where the hacker simply harvests company credentials. The cyber criminal then uses the credentials to log in and transfer funds from the company bank account to an illegitimate bank account.

In this scenario, because the cyber criminal gets credentials and gains unauthorized and persistent access to company assets until discovered and stopped, financial loss and expenses could trigger the Computer and Funds Transfer Fraud coverage (FTF) if all other conditions for FTF are met.

Claim Scenario provided by Cowbell

 

Types of Social Engineering Attacks

The following five techniques are among the most commonly used during social engineering scams:
  • Baiting: attackers lure users into a trap that steals their personal information.
  • Scareware: users are deceived into thinking their system is infected with malware.
  • Pretexting: attackers obtain user information through a series of cleverly crafted lies.
  • Phishing: attackers forward an email or text to the target seeking information that might help with a more significant crime.
  • Spear Phishing: attackers tailor their message based on job positions in contacts belonging to the victim to make their attack less conspicuous.

 


 

Social Engineering Techniques and Prevention 

Post COVID-19, more and more businesses are working remotely and moving more information to the cloud. As a result, phishing is at an all-time high and is still the most successful social engineering threat. Phishing continues to increase at alarming rates. The scammers use new apps that can easily evade network security. The most common companies impersonated by phishers are Microsoft, Google, Facebook, Apple, and PayPal.

According to the FBI’s Internet Crime Complaint Center, BEC attacks (Business Email Compromise attacks) have increased by over 2,370% since 2015. The scammer’s email will look authentic and appear to come from a known authority figure, compelling the employee to open the email and act upon the request.

Since BEC attacks rely on social engineering tactics rather than malware, they can also evade antivirus and spam filters. As a result, the expectation is that companies will invest more in their front lines of defense, such as education, training, and implementing multi-factor authentication. Moreover, most insurance companies will no longer provide cyber coverage to a company without multi-factor authentication.

Deepfake and nation-state attackers view social engineering as an opportunity to manipulate information, destroy credibility, and impersonate trusted sources. While the real impact of deepfakes has yet to be measured, the technology is so powerful that it can be used to social engineer bogus messages to scam businesses.

In addition, nation-state attackers can create fake viral videos of politicians, spread disinformation, manipulate sentiments, spark outrage and hatred and even topple governments. As a result, experts recently ranked deepfake technology as the most worrying use of artificial intelligence that could have severe implications for cybercrime and terrorism.

 

Social Engineering Tips

 

How Does Cyber Liability Insurance Work?

Cyber incidents are costly and incredibly disruptive for any business. While organizations can manage privacy risks through cyber security best practices, companies must also manage risks through cyber liability insurance. Cyber insurance can provide a team of cyber experts, including forensic experts, attorneys, breach response specialists, and credit monitoring companies, who can respond quickly to a social engineering attack.

Cyber liability coverage is an inexpensive way to protect the corporate balance sheet from losses not typically covered under traditional insurance policies. In addition to first-party costs like forensic investigation and notification, cyber coverage extends to third-party claims alleging unauthorized disclosure of personal information or other confidential data.

 

Want to Learn More?

If you have questions about Cyber Insurance or would like to review coverage options, please contact us.

For helpful tips on other popular topics, check out our articles on Cybercrime Targeting Small Businesses, Professional Liability Insurance, and Social Engineering.

As always, we are here to help you, your employees, and your business with all your insurance needs – from commercial insurance to group benefits to personal insurance.

Thank you for allowing the team at Mason-McBride to serve you!

 

Article By Jamie Parry
