Cyber criminals are creating new advanced social engineering tactics and targeting small and medium-sized businesses. The FBI estimates that cyber criminals stole more than $28 billion through email fraud from 2016-2020, with an average loss per incident of more than $150,000.
Business owners and IT professionals must adapt to these rising social engineering trends to reduce exposure. One of the best ways to keep yourself safe from a social engineering attack is to be able to identify them. Read about what social engineering looks like, attack types to know, and red flags to watch for to avoid becoming a victim.
What is Social Engineering?
Social engineering can be described as the art of human hacking by impersonating executives, employees, vendors, and suppliers. Social engineering in its basic form is the act of tricking an individual into providing commercial or personal information, usually done through technology. However, unlike technical hacking, which is designed to gain access to systems or data, Social engineering scammers exploit human weakness, curiosity, and anxiety through the use of deception to manipulate them with the intent of using the information gathered for fraudulent purposes. The most common social engineering attack is the unintended payment or transfer of funds made to cyber criminals through this deception.
Top Social Engineering Techniques
- Baiting- attackers lure users into a trap that steals their personal information.
- Scareware- users are deceived into thinking their system is infected with malware.
- Pretexting- attackers obtain user information through a series of cleverly crafted lies.
- Phishing- attackers forward an email or text to the target seeking information that might help with a more significant crime.
- Spear Phishing- attackers tailor their message based on job positions in contacts belonging to the victim to make their attack less conspicuous.
Social Engineering Trends to Know
Post COVID-19, more and more businesses are working remotely and moving more information to the cloud. As a result, phishing is at an all-time high and is still the most successful social engineering threat. Phishing continues to increase at alarming rates. The scammers use new apps that can easily evade network securities. The most common companies impersonated by phishers are Microsoft, Google, Facebook, Apple, and Paypal.
According to the FBI’s Internet Crime Complaint Center, BEC attacks (Business Email Compromise attacks) have increased at a rate greater than 2,370% since 2015. The scammer’s email will look authentic and appear from a known authority figure, compel the employee to open the email and act upon the request. Since BEC attacks don’t involve malware based on social engineering tactics, they also can evade antivirus and spam filters. As a result, the expectation is that companies will invest more in their front lines of defense, such as education, training, and the implementation of multi-factor authentication. Moreover, most insurance companies will no longer provide cyber coverage to a company without multi-factor authentication.
Deepfake and nation-state attackers view social engineering as an opportunity to manipulate information, destroy credibility and impersonate trusted sources. While the real impact of deepfakes has yet to be measured, the technology is so powerful that it can be used to social engineer bogus messages to scam businesses. In addition, nation-state attackers can create fake viral videos of politicians, spread disinformation, manipulate sentiments, spark outrage and hatred and even topple governments. As a result, experts recently ranked deepfake technology as the most worrying use of artificial intelligence that could have severe implications in cybercrime and terrorism.
How Does Cyber Liability Insurance Work?
While organizations can manage cybersecurity and privacy risks through practices, policies, and procedures, businesses must also manage risks through insurance. Cyber insurance can provide a team of cyber experts the ability to respond quickly to social engineering attacks, including forensic experts, attorneys, breach response specialists, and credit monitoring companies. In addition, cyber coverage is an inexpensive way to protect the corporate balance sheet from losses not typically covered under traditional insurance policies. In addition to first-party costs like forensic investigation and notification, cyber insurance also extends to third-party claims alleging unauthorized disclosure of personal information or other confidential data.
Want to Learn More?
As always, we are here to help you, your employees, and your business with all your insurance needs – from commercial insurance to group benefits to personal insurance.
Thank you for allowing the team at Mason-McBride to serve you!