Best practices to prevent becoming a victim of social engineering fraud

It is important to communicate and increase awareness of the risk of social engineering fraud to all staff, and not just the finance department. Ad-hoc payment requests to external third parties and clients are often requested by ground staff, and effectively communicating the risk of a social engineering loss can add an extra defence barrier to preventing a fraud.

• Identify
• Verify
• Authenticate

Fake president / CEO fraud

• Always speak to the individual who has purportedly sent or given the instruction to make a payment.
• Always verify requests with another director, manager or supervisor and check the bank account is on an approved list which has been vetted.

Telephone payments & fund transfers

• Avoid giving or accepting payment instructions via telephone or email.
• Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
• Verify all requests with a call back procedure to confirm authenticity.

Email scams & requests to change bank account details

• Check the name and email address of sender for spelling mistakes and if they are on approved list of contacts.
• Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
• Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
• Using a call back procedure to authenticate the request can avoid being victim to a fraudster impersonating a known contact.
• Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.

Managing suppliers & vendor details

• Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
• Ensure Suppliers and Vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
• Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.
   

Read more about how Chubb can offer you bespoke commercial crime insurance.