Best Practices to Prevent Becoming a Victim of Social Engineering Fraud

Best Practices to Prevent Becoming a Victim of Social Engineering Fraud
Increase staff awareness about social engineering fraud at all levels and across all parts of the business, in particular those who are likely to liaise with third parties and clients, not just the finance department. Quite often it’s the staff who deal with clients and suppliers every day who will request finance to make ad-hoc payments. Effectively communicating the risk of a social engineering loss only adds an extra defence barrier to preventing a fraud.


The 3 key actions to prevent being a victim:

  • Identify
  • Verify
  • Authenticate
Here are some examples and best practices on how to mitigate and stop a social engineering loss occurring.

Fake President/CEO Fraud:

  • Always speak to the individual who has purportedly sent or given the instruction to make a payment.
  • Always verify requests with another director, manager or supervisor and check the bank account is on an approved list which has been vetted.

Telephone Payments & Fund Transfers:

  • Avoid giving or accepting payment instructions via telephone or email.
  • Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
  • Verify all requests with a call back procedure to confirm authenticity.

Email scams & requests to Change Bank Account Details:

  • Check the name and email address of sender for spelling mistakes and if they are on approved list of contacts.
  • Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
  • Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
  • Using a call back procedure to authenticate the request can avoid being victim to a fraudster impersonating a known contact.
  • Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.

Managing Suppliers & Vendor Details:

  • Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
  • Ensure Suppliers and Vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
  • Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.

Disclaimer - This content is brought to you by Chubb Insurance Malaysia Berhad (“Chubb”) as a convenience to readers and is not intended to constitute advice or recommendations upon which a reader may rely. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of this content. It is the responsibility of the reader to evaluate the quality and accuracy of material herein.

Related Insurance Product

Commercial Crime Insurance
Commercial Crime Insurance
Have a question or need more information?

Contact us to find out how we can help you get covered against potential risks