Over the past 20 years, hackers have become an all too common topic in our daily news. It seems as if each time we check our favorite news app, turn on the TV, or listen to the radio on our morning or evening commute the shadow of compromise weighs heavy on our privacy. Corporate data is continually being hacked, yet you never hear about companies being tricked or misled into sending money based on fraudulent information.
This type of fraudulent activity has been coined Social Engineering. This is a non-technical method of intrusion that relies heavily on human interaction. Generally, this involves tricking people into breaking normal security procedures through a phone call, email, fax or a letter.
How it Works
An employee receives a message in some form that appears to be from a vendor, client, or supplier that contains a request for information. The employee complies with the request (not knowing or expecting anything to be wrong), and gives the perpetrator the information they need in order to successfully divert the payment to them, access other company funds, or obtain client information. In the meantime, this incident goes undetected and business moves on as usual until a later date when payment to the actual vendor has not been made, or funds start to go missing. These perpetrators continue to evolve in their tactics and are very sophisticated in their scams.
Your Next Steps
- Review your insurance coverage with your insurance provider to determine if you have coverage for a claim of this nature (NOTE: this type of coverage generally needs to be endorsed on standard crime policies).
- Take steps internally to be sure processes are in place to prevent this type of loss including:
- Set security protocols in place to be used when dealing with business partners, vendors, and customers.
- Educate all employees on this type of scam, and have them report all red flags.
- Rely on the relationships that you have with your customers, vendors and business partners. If the request does not seem like something they would do, follow up with them.
- Monitor your company funds daily.
- Keep excellent records of transactions with clients and vendors.
One in two large businesses and one in five small businesses will be attacked this year. Don’t let this exposure put your business at risk.