Social Engineering to Defraud Businesses
New research from US-based cybersecurity company FireEye, which analysed 1.3 billion phishing emails in Q1 2019, has found three big emerging trends.
Cybercriminals are increasingly using impersonation in phishing attacks, with the rate up 17% from Q4 2018, primarily by imitating well-known brands. Microsoft spoofs accounted for almost a third of the Q1 attacks, and OneDrive, PayPal, Apple, and Amazon were also impersonated. Cybercriminals also impersonate CEOs and other senior corporate officers to request changes to bank account information.
A second trend is the use of HTTPS (Hypertext Transfer Protocol Secure) for malicious phishing sites, which jumped 26% in Q1 2019. HTTPS can give a false sense of security because of the misconception that the protocol is only identified with legitimate, safe sites.
A third trend is hosting malicious files on trusted, cloud-based, file-sharing sites, such as Dropbox, Google Drive, and OneDrive. That means links don’t look suspicious and can get through email filters.
Gerry Power, National Head of Sales at award-winning Emergence Insurance, says social engineering advice is one of the most frequent requests from brokers seeking information for their clients.
Cyber Criminals Using Social Engineering to Defraud Businesses
Socially engineered theft or ‘hacking the human’ is a trending exposure in Australia and globally today. Most breaches are caused by employees opening phishing emails that have already made it through existing technology defences.
It can take hundreds of days to find out you’ve been compromised. Clicking on one phishing email can enable a criminal to infiltrate a company’s system, escalate their access and privileges, and steal the company’s crown jewels, clean out the bank accounts, or develop fake invoices.
Gerry says many people think they’re adept at spotting scams, but the task is getting harder as cybercriminals broaden their reach and methodologies.
Organisations need better training and education and heightened awareness to get a step ahead. They also need insurance as a last line of defence.
Emergence’s Criminal Financial Loss cover option has been designed to provide cyber insurance protection for financial loss, be it cash, accounts receivable or securities, associated with a company’s business being hacked, or with a social engineering attack causing direct financial loss from an electronic funds transfer to an unintended third party.
A cyber insurance policy is part of every successful business’s risk management framework, but it’s not the first line of defence against social engineering used to defraud businesses.
Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.
FireEye’s report says threat actors are “doing their homework” and developing new variants of impersonation attacks that target new contacts and departments within organisations.
Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.