Pub. 4 2016 Issue 3
14 The Community Banker www.mibonline.org

Spotlight

SOCIAL ENGINEERING

By Tracey Santor, Product Manager, Financial Institution Bond, Travelers Bond & Specialty Insurance.

Q: What is Social Engineering?

A: Social Engineering is a non-technical method of intrusion that relies heavily on human interaction. In many cases it involves tricking people into breaking normal security procedures. The old school form of social engineering was when a fraudster called someone and tried to gain their trust and elicit information from them. An example of this might be when someone called an individual and pretended to be from their credit card company or bank. The fraudster was trying to elicit information from them, like their account number or password, so that it could be used for the fraudster’s benefit. The fraudsters have recently (in the last 3 or 4 years) come up with new forms of social engineering which use technology to hide behind when they are pretending to be someone else. This new type of social engineering is non-technical in that it uses people to enable them to get money. The fraudsters use email or the phone to trick employees into sending out large sums of money.

Q: How do fraudsters get the information they need to trick employees?

A: Fraudsters may get the information to trick employees by hacking into someone’s system or just by studying a company’s website or an executive’s LinkedIn page. The fraudster then uses this information to trick employees into believing that he or she is someone else. The new types of social engineering go by several names. It might be called whaling (similar to phishing, but in this case the fraudster is going after an executive, or “big fish,” hence the term whaling), masquerading, fake president scam, or CEO fraud. I also recently saw it referred to as a “bogus boss” scheme. No matter what the name, banks need to be aware of it and on the alert to prevent it from happening.

Q: How can banks avoid becoming a victim of social engineering schemes?

A: Social Engineering can be prevented. The best way is to have checks and balances in place for employees and to follow some simple steps:

• Train and re-train your employees to be on the lookout for social engineering.
• Look for misspellings or grammatical errors in emails.
• Verify payment instructions by calling back the purported client, vendor or employee.
• Use pre-determined phone numbers.
• Don’t “reply” to emails, start new ones.
• Engender a corporate environment where it is okay to verify.

Q: Where can I learn more?

A: In addition to insurance coverage that can help offset the impact of social engineering fraud risks, Travelers offers numerous educational resources, such as insightful loss-control articles and tips. Learn more at https://www.travelers.com/business-insurance/financial-institutions/banks-diversified-institutions