It’s a term you might never have even heard of, but social engineering fraud is the hottest topic in crime insurance, and a major risk facing all businesses, according to one of the industry’s top experts in the field.
“I always ask the question – what keeps you up at night – to our risk managers, and [social engineering fraud] always pops up in the top two or three,” XL Catlin’s global crime insurance leader, Greg Bangs, told Insurance Business at the Risk Management Society’s annual conference in Philadelphia, USA.
Best described as a “modern day version of the old con-scams,” criminals have perfected a technique in which they troll social media platforms such as Twitter, Facebook, LinkedIn, and even company websites, to gather information which they use to impersonate someone in a company.
Fraudsters gain information from various sources so they know who a company’s vendor is, “then they’ll either hack that vendor’s system so they get copies of the invoices, or the letterhead, all the appropriate information,” or they will contact companies directly, impersonating the vendor, and requesting copies of these documents.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now
With that information in hand, the criminals will contact the company they are defrauding – appearing to be the vendor – and request a change of bank details and a payment.
“You’d be amazed how many people just take it, process it, done. And they submit this money to the new vendor and its only months later when the real vendor says, “how come I haven’t been paid?” that they realise they’re out all of this money,” Bangs commented.
But traditional crime insurance policies have not covered insureds for this risk, as technically the victim has voluntarily handed over the funds. “Also, the definition of computer fraud in most policies requires an actual hack into the system, as opposed to just giving it away,” Bangs explained.
“I guess that you could call me the Godfather of this coverage, as I actually created the first kind of coverage for this fraud here in the US market, and the intent was you take an existing crime policy and you extend it by endorsement to include social engineering risks.”
Alongside coverage, one of the biggest ways to combat the risks of social engineering fraud is through education and internal training, Bangs explained, “so you make sure that employees understand that these scams are not happening on occasion, but are happening all the time.”
Insuring against the changing face of global terror
133 jobs at risk in major broker's restructure