Social media is changing the threat of fraud. The sheer volume of information available on employees online has made targeting businesses easier for fraudsters and criminals.
Armed with information from company websites and social media, criminals use social engineering techniques to play on employees’ natural tendency to trust.
Having done their due diligence, criminals target employees, tricking them into transferring funds, or revealing passwords that give them access to a company’s systems.
Out of the blue, an urgent yet convincing call comes in from somebody claiming to be a senior manager, bank employee or representative of a professional services company.
Using information gleaned from social media, criminals mimic the voices and mannerisms of senior management, resort to flattery, and play on unfamiliarity and employees’ tendency to respond to authority. They might request systems access, or a change of supplier details. And the result is often the fraudulent transfer of a large sum of money.
Senior managers at subsidiaries, and junior employees in treasury departments, are typical targets of social engineering.
Another common tactic is to go after companies that have recently been involved in mergers and acquisitions (M&A). Once the dust has settled on an M&A, a quick call to a senior manager at the acquired company, and a request to transfer funds, can result in the loss of millions.
This type of fraud is very hard to counter. It takes many months for organizations that are merging to align their processes. That leaves them vulnerable to theft in the early stages of integration.
Frauds involving social engineering can be relatively simple and opportunistic. But they can also involve a degree of sophistication and planning. Working in teams, criminals create fake social media profiles, and bring in fictitious staff members or professional advisors.
As more businesses are targeted, social engineering has become a burning issue for law enforcement. Interpol identified it as one of the world’s emerging crime trends.
And it’s difficult to stop in a business environment, where trust and hierarchy are important, where there are competitive pressures, and where flexibility of payment processes can be essential.
Training and regular bulletins can help keep staff vigilant, while insurance cover is available for companies that can demonstrate that they have the appropriate controls in place.
Crime insurance has demonstrated its value in this area, as insurers have paid out some significant claims in recent years where social engineering has been central to the cause of the loss.
For further information, please contact Mike Parry, Partner on +44 (0)207 528 4921