Social media is changing the threat of fraud. The sheer volume of information available on employees online has made targeting businesses easier for fraudsters and criminals. Armed with information from company websites and social media, criminals use social engineering techniques to play on employees’ natural tendency to trust.
Traditional crime exposures such as fraud and dishonesty of employees are still very real risks businesses face however the emerging risk of social engineering is one that more and more companies are being targeted with.
Using information gleaned from social media, criminals mimic the voices and mannerisms of senior management, resort to flattery, and play on unfamiliarity and employees’ tendency to respond to authority.
They might request systems access, or a change of supplier details. And the result is often the fraudulent transfer of a large sum of money. Many existing crime policies do not cover this growing trend in losses and companies are finding that their policies fail when they’re needed the most.
WHAT WE DO
Fraud involving social engineering can be relatively simple and opportunistic, but they can also involve a degree of sophistication and planning. Criminals have been known to create fake social media profiles, as well as work in teams, bringing in fictitious staff members or professional advisors.
As more businesses are targeted, social engineering has become a burning issue for law enforcement. Interpol identified social engineering as one of the world’s biggest emerging crime trends.
Such fraud is difficult to stop in a business environment, where trust and hierarchy are important, and where competitive pressures and the need to build in flexibility – such as around payment processes – may be essential.
Following a rise in businesses increasingly asking about the availability of coverage for social engineering fraud, JLT in association with a panel of insurers, addresses this growing risk with a new crime and social engineering (CASE) insurance policy.
OUR MANAGEMENT LIABILITY TEAM’S KEY STATS
JLT, in association with a panel of insurers, have created an insurance produced called crime and social engineering (CASE), covering the growing exposure posed by social engineering in an environment where insurance for this exposure is becoming more difficult to achieve.
The benefits of this cover include:
- Affirmative and broad coverage for social engineering events – including any fraudulent communication from a third party source purporting to be genuine
- All risks crime coverage for:
- Theft of assets
- Social engineering
- Criminal damage
- Few exclusions, removing many avenues of common coverage dispute – JLT CASE will be adapted to future claims trends
- Broad coverage for new ventures and acquisitions, reducing the need for administration during the year
- Limits respond to each loss, there is no aggregate cap on insurance – current trends have seen multiple losses in quick succession to large international companies – this coverage addresses that concern
- Caters for and protects against the new insurer remedies under the UK Insurance Act 2015.
Business Email Compromise
Crelan Bank fell victim to a USD 75 million fraud known as a business email comprise. Details as to exactly what happened are scarce, it has been suggested that an email was sent to a financial employee or accountant purporting to be from the CEO requesting the urgent transfer of funds to a trusted partner of the company. Crelan Bank have reported the incident to law enforcement who are investigating.
Ubiquiti Network has been defrauded of some USD 46 million by scammers who impersonated employees. Details are scarce but the fraud seems to have involved scammers spoofing communications from the firm in an effort to initiate unauthorised international wire transfers. Ubiquiti say’s its recovering USD 8.1 million of the heist and is trying to recover an additional USD 6.8 million through a legal challenge. Ubiquiti Networks are looking to improve their internal controls over financial reporting.