
Social engineering fraud – are you prepared?

Social Engineering Fraud is not a new phenomenon. Who hasn’t received an e-mail asking them to voluntarily send personal information to someone else in exchange for some sort of large reward? Most people are aware of it, though perhaps not by that name.

It comes in the form of an email or a trusted site. Hackers have learned how to trick their targets into falling for their scheme by taking advantage of human nature. There are stages to the attacks that mimic abuse: information gathering, relationship development, exploitation and execution. This grooming of the victim can result in claims of up to 100,000 or more for just one attack.

Companies should have a plan of attack when these issues arise. This can mean posting a statement in the company handbook or educating employees on the ramifications when social engineering fraud takes place. When this fraud is discovered, the words phishing, spamming, and malware come up as well, leading insurers to see that there is a problem occurring.

Social Engineering Fraud presents a serious insurance conundrum because the activity that causes the loss is a “voluntary act”, which is a standard Crime policy exclusion. Carriers have been denying social engineering fraud claims because they are not included in a Crime policy. Wire transfers and new bank accounts should cause employees to think twice as to whether the information is reliable. A few carriers will amend policies for inclusion if asked, but only on a sub-limited basis.

Claims become a tough area when it comes to Social Engineering Fraud. Since most fraud takes place via email, insurers have a hard time covering the claim because email is classified as an authorized entry. Carriers argue that the company designated the delivery of the funds. Because the funds were sent over wire with consent, it is hard to reverse the action. The funds were sent by the company on the basis that the instructions were legitimate; therefore, coverage is typically denied. That being said, insurance coverage for the theft, disclosure, and/or destruction via social engineering techniques of personally identifiable information, protected health information, or third-party corporate information is available under cyber policies.

As social engineering fraud becomes more common, familiarize yourself with scenarios that might cause such claims, learn about actual claim scenarios, and talk with your commercial insurance broker about risk management techniques that may mitigate this emerging crime exposure.


About the Author

Rick Black is a Senior Vice President focused on Property and Casualty Insurance. He joined the firm in 2007, bringing with him 30 years of insurance experience in all areas of complex risk and risk financing. 

617.646.0279 | Rick.Black@wgains.com | Connect with Rick on LinkedIn