The Dangers of Social Engineering Losses

With the rise of dependency on technology, today’s financial institutions have a lot of security risks facing them. Data breaches, cybercrime, phishing, etc. are all hurting not only banks, but their customers’ sensitive financial information as well.

One major development in information risk is something called social engineering, which is essentially the “art of gaining access to buildings, systems or data by exploiting human psychology, rather than using technical hacking techniques,” according to CSO. There is no antivirus for this kind of threat because it homes in on customers directly, relying on misleading human employees rather than breaching digital defenses. Banks need to be on alert for this growing risk and can do so by understanding what it is and how it occurs.

Social Engineering Fraud

Vendor impersonation, executive impersonation and client impersonation are the three types of losses that banks can suffer in a social engineering threat. Banks are being targeted more frequently, and fraudsters are using more aggressive tactics to gain sensitive information.

When a thief utilizes social engineering in an attack, they will impersonate a vendor, client, employee, and so on of a financial institution. They contact an employee and either obtain sensitive company information or have the employee pay a fraudulent bill by transferring funds.

While this may seem like an unlikely threat, social engineering attacks are becoming more frequent and more threatening. Companies, such as banks, are at risk and may not know they’ve been attacked until weeks later, after the damage is done. This kind of attack makes it hard to regain funds, and for small to mid-size businesses it could be detrimental enough to close things down.

How Can This Risk Be Reduced?

It’s important for banks to have systems and policies in place to help detect and keep social engineering scams away. Banks can take a number of preliminary measures to keep social engineering attacks at bay. One step is to invest in bankers crime insurance. Many crime insurance policies have historically denied coverage for social engineering attacks, as they state that the information or money was technically given willingly (rather than taken in a robbery or breach), but our Crime Insurance policy does cover phishing scams, one of the most common forms of social engineering attacks.

Banks can also be suspicious of unsolicited phone calls, visits or email messages from people asking about certain employees or sensitive internal information. Banks should also train their employees to verify anyone who calls in for information directly with the company. Also, make sure not to provide personal information or information about your bank unless it is to a verified bank authority.

While scams like these are becoming more frequent and more refined, the ways to combat these risks are becoming stronger through education. From insurance to education and training, banks can take the steps they need in order to provide as much internal security for their own networks and information as they do for their customers.

About Financial Guaranty Insurance Brokers

Since 1983, Financial Guaranty Insurance Brokers has distinguished itself as a provider of Professional Liability, Cyber Liability, and Crime insurance products for entities of all types. To receive timely, personalized service from a knowledgeable and experienced staff, call us today at (626) 793-3330 to speak with one of our professionals.