Blog Social Engineering is a Risk Every Business Should Know About

Social Engineering is a Risk Every Business Should Know About

Written by April Yearby—Vice President, Agency Co-Owner Joe Weipert—Senior Vice President

September 27, 2020 · Commercial Lines

Here's a brief look at the common forms of computer fraud and why you need adequate coverage for your firm.

Have questions?
Contact us today.

Phone: (800) 211-2508

Please note: coverage cannot be bound or altered online. A service representative will need to contact you to finalize your request.

Types of Social Engineering Fraud

Social Phishing

This remains the most popular form of social engineering attackers use. Social phishing aims to obtain confidential information, such as passwords, usernames and social security numbers. To achieve this, attackers use phishing emails that include shortened links to malicious sites that host phishing algorithms. It is also common to incorporate a sense of urgency, fear or threats.

Pretexting

Unlike phishing, which relies on fear, threats and urgency, pretexting involves building false trust to trick people into giving up confidential information. The attacker may impersonate agents, officials, IT personnel or anyone they need to convince you to provide login details, social security number and other details.

Baiting and Quid Pro Quo

Baiting is similar to social phishing, but the attacker incorporates a good or item to incentivize people into giving up information or clicking on compromised links. In baiting, attackers may promise free music, streams or even physical items. Quid pro quo is similar to baiting; only it uses services in place of goods.

Tailgating

This form of social engineering involves following company workers or posing as one to gain access to a building or office. It is less common in well-established firms but pose a significant threat for small and medium-sized businesses. Attackers can strike conversations to build trust with employees and use the show of familiarity later on to access confidential data or areas.

Summary

Technology companies and those in the communications industry face computer fraud on a day-to-day basis through social engineering. While there is a lot you can do to mitigate these risks, or transfer risk, you should also consider purchasing an insurance policy that protect your business from financial disruption to pay for resulting cost and damages. Each category above has subgroups so social engineering can take many forms.