Fraud Awareness Week is an annual opportunity to evaluate and improve upon security measures, but it’s important to be prepared and to always stay vigilant. Recent developments in social engineering fraud are changing the way organizations handle emerging business scams — and fraud protection in general.
Scammers have found clever ways to bypass authorization and security filters, which leaves companies without the right coverage vulnerable to financial loss. Understanding how social engineering tactics are used in emerging scams such as fake president fraud (also known as CEO fraud) can help employees recognize similar techniques and prevent damages. Read on for insight aimed at keeping your team informed, and your business better protected.
First, the Basics: What Are Social Engineering Tactics?
Social engineering is a manipulation tactic that exploits common psychological patterns and subconscious actions. Criminals use social engineering to infiltrate corporations by impersonating business leaders in positions of authority. In such instances, scammers can create a sense of urgency and leverage secrecy to distract employees from the dubious nature of the request.
Because such tactics are emerging more frequently in various forms of online criminal activity, insurance and risk management professionals have identified a new trend, commonly referred to as social engineering fraud. This type of fraudulent activity exists outside of cybersecurity and covers a wide range of scams, such as fake president fraud, that are relatively new to businesses.
What is Fake President Fraud?
The term “fake president fraud” refers to a specific type of scam that uses social engineering to coax employees into transferring a large sum of money directly into an account. Most companies’ cyber insurance policies do not cover fake president fraud, which makes this scam a prominent risk.
Understanding the tactics behind fake president fraud can help employees prevent potential risks from turning into financial losses. Targeted training should cover everything from how to recognize scams, to the best ways to report incidents and any company protocols your business has in place. Businesses can also check employee knowledge by distributing routine test emails that mimic scammer behaviors.
Criminals often use automated or systematic methods to distribute scam emails. Here are the four steps associated with fake president fraud:
- Contact — A scammer will pose as a specific business executive by strategically selecting a personal or business email address with that executive’s name in the domain.
- Request — The scammer will request a wire transfer to a foreign bank account for a seemingly justifiable purpose.
- Manipulate — If the employee responds unfavorably to the request, the scammer will create a sense of urgency or emphasize secrecy to avoid suspicion.
- Transfer — At this point, the victim is likely to succumb to the pressure and transfer the requested amount to appease the impersonator. Most banks will approve the request as long as the employee is an authorized user on the account.
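The first three steps leave traces a mail filter can check before the transfer step is reached. The following is an added example, not part of the original article: a Python triage function that holds a message for out-of-band verification when an executive's name appears on a sender outside the corporate domain together with a payment request. The domain, executive names, keyword lists and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration: substitute your own domains and roster.
CORPORATE_DOMAINS = {"example.com"}
EXECUTIVES = ["Jane Doe", "Robert Smith"]
PAYMENT = re.compile(r"\b(wire transfer|bank account|iban|swift)\b", re.I)
PRESSURE = re.compile(
    r"\b(urgent(ly)?|immediately|asap|confidential|secret|do not (tell|discuss))\b", re.I)

def squash(text):
    return re.sub(r"[^a-z]", "", text.lower())  # 'Jane.Doe' -> 'janedoe'

def body_text(msg):
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def triage(raw):
    # Returns (hold, reasons) for one raw RFC 5322 message.
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    sender = squash(display + addr)  # covers display name, local part and domain
    reasons = []
    if domain not in CORPORATE_DOMAINS and any(squash(e) in sender for e in EXECUTIVES):
        reasons.append("executive name on external sender")  # Contact step
    body = body_text(msg)
    if PAYMENT.search(body):
        reasons.append("payment request")                    # Request step
    if PRESSURE.search(body):
        reasons.append("urgency or secrecy")                 # Manipulate step
    hold = reasons[:2] == ["executive name on external sender", "payment request"]
    return hold, reasons

# Constructed sample messages (not real mail).
FRAUD = """\
From: Jane Doe <jane.doe.ceo@mailbox.example>
Subject: Quick request

I need a wire transfer to a new partner's bank account abroad.
This is urgent and confidential, do not discuss it with anyone.
"""
LEGIT = "From: Jane Doe <jane.doe@example.com>\n\nThe town hall moves to Thursday.\n"
NAME_IN_DOMAIN = "From: CEO Office <office@janedoe-exec.example>\n\nSend the wire transfer.\n"

if __name__ == "__main__":
    for raw in (FRAUD, LEGIT, NAME_IN_DOMAIN): print(triage(raw))
```

A forged From header that uses the corporate domain itself passes this check; rejecting that case is the job of SPF, DKIM and DMARC enforcement on the receiving mail server.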
Fraud and Business Email Compromise Scams
Fake president fraud isn’t the only type of scam that uses social engineering to manipulate employees. Business Email Compromise (BEC) fraud is another type of emerging scam that many corporations are struggling to combat. According to FBI reports, BEC scams cost corporations billions of dollars a year in losses. Similar tactics are used to trick employees, vendors or clients into providing confidential information or committing an act that puts victims’ finances at risk for loss.
From June 2016 to December 2021, the FBI reported a 65% increase in BEC scam-related losses and more than $43 billion spent based on filings with financial institutions. Sources also found that BEC scams in 2021 cost businesses nearly $2.4 billion in losses, which was a 33% increase from the year prior.
In contrast to fake president fraud, which targets financiers within a corporation, BEC scam victims are coerced into sending money from a personal or third-party business account. In addition, criminals can infiltrate systems that contain sensitive information, resulting in a data breach. BEC scammers attempt to gain access to systems that contain personal information, corporate account numbers or password credentials.
Criminals use social engineering tactics to keep their identity concealed and make it difficult for cybersecurity software to recognize the scam. In certain instances, BEC scams are considered cyberattacks or data breaches. Depending on the strategy, insurance underwriters might categorize losses associated with specific BEC scams as fraud. Any criminal posing as a fake business entity outside of your organization should be reported to the Better Business Bureau as soon as possible.
Fraudulent activity and cybercrimes are difficult to distinguish in some cases, based on the complexity of scammers’ approaches and requests. When it comes to coverage, businesses should consider investing in a specialized policy to prevent fraud-related losses.
Insurance Coverage for Corporate Fraud
Cyber insurance policies do not protect businesses against fake president fraud because this type of criminal act is considered fraud, as opposed to a data breach. While such tactics may appear to be part of a cybersecurity scam, employees technically provide authorization for wire transfers. Fraud insurance exists apart from cyber policies, but it’s a good idea to review coverages with your provider during the renewal period.
Another way to protect your company from fraud is to keep track of scamming tactics, especially new developments in criminal activity that leave businesses financially vulnerable without the proper coverage. Lack of coverage places immense responsibility on leadership to ensure employees do their due diligence. That’s why many leaders choose to implement a company-wide risk management strategy.
Mitigating Fraud-Related Risks and Recognizing Scams
Because criminals target employees at every level of a company, it’s best to start by generating awareness about common scamming tactics as well as new trends. To prevent employees from falling victim to social engineering tactics, ensure all team members are knowledgeable and equipped to handle all types of fraudulent activity. Keep in mind that remote and entry-level employees are especially vulnerable to fake president fraud because people in these positions are less likely to interact directly with executives on a day-to-day basis.
Identity verification is another way organizations can thwart impersonators who use strategic tactics to commit fraud. Decision-makers can implement a company-wide procedure that requires employees to confirm personal information over the phone before completing any financial request. Organizations with more than one authorized user on corporate bank accounts should consider specialized training to prepare employees to handle all types of fraudulent acts.
Providing employees with educational resources and training exercises is a great place to start. Contact BCH for risk management strategies and training programs to keep your team alert and aware of fraudulent threats when it matters.