<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2119418688374700&amp;ev=PageView&amp;noscript=1">

Playing Defense Against Fund Transfer Fraud and Social Engineering Attacks

September 7th, 2023

2 min. read

By Zachary Kaiser, Strategic Risk Advisor

Padlock on top of computer chip pathways

A key element of being proactive against cyber fraud is ensuring that everybody in your organization is trained and understands the various ways that bad actors attempt to access systems. Frequently, it’s though innocuous or well-disguised emails or messages that employees may not think twice about.

In an earlier article, I discussed being proactive against cyberattacks in part by understanding the differences between cyber liability and data breaches and understanding the different types of associated insurance, but the initial incident almost always involves some form of influence or manipulation to gain access. From there, the attacks vary by industry and opportunity.

Criminals use social engineering to play on the recipient’s innate desire to be helpful and they create a false sense of urgency. Before you know it, a malicious link has been clicked, sensitive information has been shared or credentials have been accessed.

This type of accidental disclosure (usually via email) is extremely likely to occur within any organization. Furthermore client/vendor relationships are more intertwined than ever before and involve sharing trade secrets, network access and in some cases, continual monitoring and oversight – so it’s not just your own employees you need to be concerned about training, but any partner organization that has legitimate access to your system or sensitive information.

Knowledge and training: your best defense

With the pace of business today, it is impossible to avoid these schemes. Unfortunately, no one is immune from the potential of an attack and most deal with a host of these threats daily as they tend to be high in volume and relatively low in success. But similar to a water leak, it is just a matter of finding the vulnerable spot. Given the nature of these attacks and acknowledging that the risk commonly involves some elements of human error, recognizing the various threat and raising awareness is key to minimizing those vulnerable spots.

Often these threats will appear as a request for payment or a change of a vendor account number. If the recipient is tricked into engaging and responding, it could be very costly for the organization. For that reason, it is important that everyone understands the process for making payments, even if that means they aren’t allowed to make them. Strict rules regarding verification of identity and the request are what generally limits the success of these attacks.

It is also important that everyone enrolls in some level of cyber awareness training. For a while, cyber risk training was not considered a priority as Multifactor Authentication (MFA) implementation took center stage. But now with most firms adopting MFA as a standard, the shift has focused back to developing a training program to help raise employee awareness to recognize attacks in real-time or ensure security safeguards are followed.

Increasing sophistication of schemes

Early attempts at these schemes – the most basic phishing – were rudimentary but effective enough for the cybercriminals to continue.

Today we are seeing Business Email Compromise (BEC) schemes based on pretexting. This means the attack is focused on a specific individual or small group based on information the criminal already knows, making the outreach seem more plausible and real. They criminals may have hijacked an existing email thread or are mimicking an actual vendor with a propped-up website and email address.

As a result, successful attacks are growing in number and cost. The median amount lost per successful attack is $50,000 according to the 2023 Verizon Data Breach Investigations Report (DBIR).

The dual pronged approach of employee training and tight security measures combined with the right cyber liability insurance can help protect your organization by both minimizing the chance of a successful attack and protecting the organization in the event of an attack.

 

New call-to-action

 

Zachary Kaiser, Strategic Risk Advisor

Zachary Kaiser has been a strategic risk advisor at McClone since 2015. Zach’s commitment to relationship building helps him form partnerships with commercial clients. He is a trusted consultant for managing and reducing risk. Zach’s philosophy on risk management is ‘while you want to have insurance, you also want to take steps to reduce the likelihood you will ever need to use it.” Combining his business knowledge and technical skills, Zach specializes in cyber risk. He works with organizations to challenge conventional thinking and finds innovative ideas to protect revenue sources while supporting strategic objectives. Zach holds a bachelor’s degree in journalism from the University of Wisconsin Oshkosh. He and his wife Emily and their two children live in Sheboygan.

What is a Waiver of Subrogation for Work Comp? Are there Risks?

May 20th, 2025|4 min. read

Your Experience MOD Factor Explained

April 28th, 2025|5 min. read
Closed sign

Does your cyber insurance cover contingent business interruption?

October 25th, 2023|2 min. read
Paperwork being shared across a desk

3 factors businesses can control in a hardening insurance market

June 28th, 2023|2 min. read
Hardening Market Insurance Premium Increase Chart

Insurance Insights: How a Hardening Market Impacts You

January 6th, 2021|2 min. read

Learning from a Crisis: 5 Steps to Boost Business Success

June 24th, 2020|2 min. read
Is_Workers’_Compensation_the_Same_in_Every_State

Is Workers’ Compensation the Same in Every State? How Wisconsin Compares

June 11th, 2020|2 min. read
Circuit board with security lock

Cybersecurity is a Team Effort and Everyone Plays Defense

January 15th, 2020|4 min. read
umbrella-1588167_1920

How High Should My Commercial Umbrella Limit Be?

May 29th, 2019|2 min. read
Top View of Boot on the trail with the text Safety First2

Safety Program: Internal Audits and Self-Inspections

May 8th, 2019|3 min. read
Under construction, helmet and bricks for building site-1

How to Avoid Common Compliance Oversights in Construction Contracts

March 20th, 2019|3 min. read
8 Must-Have Types of Insurance for Construction Companies

8 Must-Have Types of Insurance for Construction Companies

January 9th, 2019|4 min. read
Safety_Walkaround

3 Steps for Conducting an Effective Safety Walkaround

November 7th, 2018|2 min. read
Learn facts about business interruption insurance

What You Might Not Know About Business Interruption Insurance

August 15th, 2018|4 min. read
Importance_of_a_Business_Continuity_Plan

Importance of a Business Continuity Plan — Top 5 Best Practices

July 11th, 2018|3 min. read
Top_Business_Risks

Top 5 Business Risks for 2018 (And What to Do About Them)

July 3rd, 2018|2 min. read
Finding_the_Right_Insurance_Coverage

Finding the Right Insurance Coverage for Your Business

May 30th, 2018|3 min. read
Factors_that_Impact_Workers_Comp_Premiums

4 Factors that Impact Your Workers’ Compensation Premiums

May 2nd, 2018|3 min. read
caution-wet-floor-sign

The Top 10 Property & Liability Claims for Small Businesses

April 20th, 2015|2 min. read
cows-in-feild-at-dairy-farm

Dairy Margin Protection Program (MPP)

October 15th, 2014|2 min. read
wheat-feild-in-front-of-blue-sky

Important Changes to Replant Requirements

May 12th, 2014|1 min. read
money

The Insurance behind the Billion Dollar Bracket

March 19th, 2014|1 min. read
wheat-feild-in-front-of-blue-sky

GRP and GRIP Policy Changes

September 10th, 2013|2 min. read
tractor-pulling-farming-equipment-across-field

Implements of Husbandry

June 27th, 2013|3 min. read