Cyber Criminals Using Social Engineering to Defraud Businesses

New research from US-based cybersecurity company FireEye, which analysed 1.3 billion phishing emails in Q1 2019, has found three big emerging trends.

Cybercriminals are increasingly using impersonation in phishing attacks, with the rate up 17% from Q4 2018, primarily by imitating well-known brands. Microsoft spoofs accounted for almost a third of the Q1 attacks, and OneDrive, PayPal, Apple, and Amazon were also impersonated. Cyber crims also impersonate CEOs and other senior corporate officers to request changes to bank account information.

A second trend is the use of HTTPS (hypertext transfer protocol secure) for malicious phishing sites, which jumped 26% in Q1 2019. HTTPS can give a false sense of security because of the misconception that the protocol is used only by legitimate, safe sites.

A third trend is hosting malicious files on trusted, cloud-based, file-sharing sites, such as Dropbox, Google Drive, and OneDrive. That means links don’t look suspicious and can get through email filters.

Gerry Power, National Head of Sales at award-winning Emergence Insurance, says social engineering advice is one of the most frequent requests from brokers seeking information for their clients.

 

Socially engineered theft or ‘hacking the human’ is a trending exposure in Australia and globally today. Most breaches are caused by employees opening phishing emails that have already made it through existing technology defenses.

It can take hundreds of days to find out you’ve been compromised. Clicking on one phishing email can enable a criminal to infiltrate a company’s system, escalate their access and privileges, and steal the company’s crown jewels, clean out the bank accounts, or develop fake invoices.

Gerry says many people think they’re adept at spotting scams, but the task is getting harder as cybercriminals broaden their reach and methodologies.

Organisations need better training and education and heightened awareness to get a step ahead. They also need insurance as a last line of defence.

Emergence’s Criminal Financial Loss cover option has been designed to provide cyber insurance protection for financial loss, be it cash, accounts receivable or securities, associated with a company’s business being hacked or a social engineering attack causing direct financial loss from an electronic funds transfer to an unintended third party.

A cyber insurance policy is part of every successful business’s risk management framework, but it’s not the first line of defence against social engineering used to defraud businesses.

Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack. But no amount of risk management can get you out of the sights of a determined cyber attacker.

FireEye’s report says threat actors are “doing their homework” and developing new variants of impersonation attacks that target new contacts and departments within organisations.

 

 

Source: Emergence

 

Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.

 

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs.

 

Leading Insurer Adds Optional Cover for Social Engineering

Cyber specialist Emergence Insurance has enhanced its policy wording to cover social engineering.

Emergence has developed a new, optional section, Criminal Financial Loss, which offers cover for socially engineered thefts and cryptojacking. The new covers are in addition to cyber theft and telephone phreaking, which have long been part of Emergence’s offer.

Jeff Gonlin, Emergence’s Head of Underwriting and Product Development, says traditional cyber thefts target IT systems, but social engineering threats target individuals.

“Hacking humans is now big criminal business. People are the weakest link in the security chain,” he said.

Social engineering exploits people who are tricked into divulging sensitive information, transferring money to hackers’ accounts, or even providing access to corporate IT systems.

What is Social Engineering

Examples include business email compromise (BEC), phishing (using electronic communications to fraudulently obtain sensitive information) and baiting (using free offers to induce victims to surrender login credentials). Fake invoices are another ploy, through which criminals insert themselves into the middle of transactions.

“A supplier’s invoice may look genuine and even represent a legitimate bill a victim is expecting, but doctored bank details mean the funds go to crooks instead of the intended recipient,” Jeff said. “We are seeing the dark side of psychology meeting technology.”

Jeff advocates a holistic approach to cyber security. “It’s not just about your IT, or your employees, it’s both, and how the two interact.”

Internal controls and cyber security training are part of the solution. “But even well-trained employees make innocent mistakes that can be costly,” Jeff said. “That’s where insurance comes into play.”

Brokers and their clients had sought the additional coverage because of the rise of social engineering attacks. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch data shows BEC scam incidents increased 33% in 2018 and BEC accounted for 63% of business losses reported to ACCC.

The rapid rise of social engineering attacks has prompted ACCC to encourage businesses to immediately review processes for verifying and paying invoices.

“Social engineering scams can be sophisticated and many businesses only realise they’ve been caught when it’s too late,” Jeff said.

Digital currencies have spawned cryptojacking, where crooks hijack computers to mine digital currency. Those affected may experience substantial loss of computer performance, reduced battery power, and increased electricity costs. Emergence insureds can now protect themselves against the financial impact.

“Cryptojacking demonstrates the dynamic nature of cyber risks,” Jeff said. “It’s important for businesses to choose a cyber insurer whose cover keeps pace with the evolving threat landscape.”

Ways to Reduce the Risk of Social Engineering

Risk management was the best weapon to protect against criminal financial fraud. Jeff said businesses should:
• Use two-factor authentication to secure all online accounts
• Consider the source – treat unsolicited emails with scepticism
• Slow down – consider procedures to deal with what appear to be urgent requests
• Train all staff in security awareness
• Set strong passwords for all devices and accounts
• Review processes, procedures and separation of duties for financial transfers
• Review, refine and test incident management and phishing reporting systems
• Patch frequently and install antivirus software.

While a cyber policy was part of every successful business’s risk management framework, it was not the first line of defence.

“Cyber insurance is designed to protect a business when its IT security, policies and procedures fail to stop an attack,” Jeff said. “But no amount of risk management can get you out of the sights of a determined cyber attacker.”

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.

Source: Emergence Insurance
