Best Practices to Prevent Becoming a Victim of Social Engineering Fraud

Communication is Key

It is important to communicate and increase awareness of the risk of social engineering fraud to all staff, not just the finance department. Ad-hoc payment requests to external third parties and clients are often raised by ground staff, and effectively communicating the risk of a social engineering loss can add an extra barrier against fraud.

Three key actions to take to avoid becoming a victim of social engineering fraud:

  • Identify
  • Verify
  • Authenticate

Here are some examples and best practices for mitigating and stopping a social engineering loss.

Fake President/CEO Fraud:

  • Always speak to the individual who has purportedly sent or given the instruction to make a payment.
  • Always verify requests with another director, manager or supervisor, and check that the bank account is on an approved list which has been vetted.

Telephone Payments & Fund Transfers:

  • Avoid giving or accepting payment instructions via telephone or email.
  • Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
  • Verify all requests with a call back procedure to confirm authenticity.

Email scams & requests to Change Bank Account Details:

  • Check the name and email address of the sender for spelling mistakes, and check whether they are on the approved list of contacts.
  • Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
  • Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
  • Using a call back procedure to authenticate the request can help you avoid falling victim to a fraudster impersonating a known contact.
  • Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.
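The sender checks in the list above, sketched in Python as an added example (not part of the original article): it compares a From header against an approved-contacts list and flags near-miss spellings and display names that show a different address from the real one. The contact list, addresses, finding labels and function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed approved-contact list (address -> display name); not from the article.
APPROVED = {
    "jane.doe@acme-supplies.example": "Jane Doe",
    "accounts@northwind.example": "Northwind Accounts",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of an address."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, approved=APPROVED, max_typos=2):
    """Return findings for one From header; an empty list means an exact match."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    if "@" not in addr:
        return ["unparseable-sender"]
    if addr in approved:
        return []
    findings = ["not-on-approved-list"]
    for good_addr, good_name in approved.items():
        if good_addr in name:
            # Display name shows a trusted address while the real one differs.
            findings.append("display-name-shows:" + good_addr)
        elif name == good_name.lower():
            # Familiar name attached to an address that is not on the list.
            findings.append("display-name-of:" + good_addr)
        if edit_distance(addr, good_addr) <= max_typos:
            # One or two characters away from a trusted address (e.g. "rn" for "m").
            findings.append("lookalike-of:" + good_addr)
    return findings

if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Jane Doe <jane.doe@acme-supplies.example>",
        "Jane Doe <jane.doe@acrne-supplies.example>",
        '"jane.doe@acme-supplies.example" <pay@unknown.example>',
    ):
        print(header, "->", check_sender(header) or "ok")
```

Any finding is a prompt to use the call back procedure before acting on the request, not a verdict on its own.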

Managing Suppliers & Vendor Details:

  • Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
  • Ensure suppliers and vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
  • Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.

Read more about how Chubb can offer you bespoke commercial crime insurance, or contact your local office to find out more.

 

This information is intended to provide only a general description of the products and associated services offered by Chubb. Any advice is general only and does not take into account a potential purchaser’s objectives and financial situation or needs, or the prevailing laws and regulations in the relevant jurisdictions. Please refer to the full terms, conditions and exclusions of the relevant policy(ies). Coverages are underwritten by one or more companies of Chubb. Not all coverages are available in all countries where Chubb operates. Coverages are subject to licensing requirements and sanctions restrictions. This document is neither an offer nor a solicitation of insurance or reinsurance products. Potential purchasers should contact their local broker or agent for advice.
