Social Engineering is a Risk Every Business Should Know About

September 26, 2020 · Commercial Lines

Blog Social Engineering is a Risk Every Business Should Know About

Here's a brief look at the common forms of computer fraud and why you need adequate coverage for your firm.

Have questions?
Contact us today.

Phone: (800) 211-2508

By providing your phone number you consent to receive SMS communication from ComTech-Leavitt Ins. Services. Privacy Policy

Please note: coverage cannot be bound or altered online. A service representative will need to contact you to finalize your request.

Types of Social Engineering Fraud

Social Phishing

This remains the most popular form of social engineering attackers use. Social phishing aims to obtain confidential information, such as passwords, usernames and social security numbers. To achieve this, attackers use phishing emails that include shortened links to malicious sites that host phishing algorithms. It is also common to incorporate a sense of urgency, fear or threats.


Unlike phishing, which relies on fear, threats and urgency, pretexting involves building false trust to trick people into giving up confidential information. The attacker may impersonate agents, officials, IT personnel or anyone they need to convince you to provide login details, social security number and other details.

Baiting and Quid Pro Quo

Baiting is similar to social phishing, but the attacker incorporates a good or item to incentivize people into giving up information or clicking on compromised links. In baiting, attackers may promise free music, streams or even physical items. Quid pro quo is similar to baiting; only it uses services in place of goods.


This form of social engineering involves following company workers or posing as one to gain access to a building or office. It is less common in well-established firms but pose a significant threat for small and medium-sized businesses. Attackers can strike conversations to build trust with employees and use the show of familiarity later on to access confidential data or areas.


Technology companies and those in the communications industry face computer fraud on a day-to-day basis through social engineering. While there is a lot you can do to mitigate these risks, or transfer risk, you should also consider purchasing an insurance policy that protect your business from financial disruption to pay for resulting cost and damages. Each category above has subgroups so social engineering can take many forms.