Technology has improved efficiencies, added convenience and helped many companies grow at an incredible pace. Even with advancements in technology, human interaction and error-prevention still play a critical role in protecting our assets.
Computer fraud called social engineering entails manipulating and deliberately deceiving a person and exploiting human weakness to obtain confidential information or assets such as cash.
This manipulation could include:
- Phishing – An email appears to come from a bank, an associate, friend or family member, causing the victim to trust the source. This request could contain a hyperlink or an attachment with malware that allows the attacker to access the victim’s computer, email account, contacts or social network accounts so that attacks can expand to other computers. While phishing is an email sent out to hundreds or thousands of target recipients, spear phishing is an email sent to one specific recipient and is a common means of social engineering.
- Fraud – An email appears to come from a trusted source – usually a superior in the workplace – directing the recipient to issue a check or initiate a wire transfer of money to an overseas account. These scams work because the sender has created and uses an email address similar to that of the actual superior. For example, email@example.com may be presented with an extra “r” as in firstname.lastname@example.org, tricking the recipient into believing the request is truly from a superior.
These incidents can be costly, resulting in theft of:
- account numbers and personal identification numbers (PINs)
- personally identifying information
- confidential customer information such as Social Security numbers, dates of birth or addresses
- usernames and passwords
- unauthorized funds transfers and credit card charges
- identity theft
- jeopardized company reputation
- compromised trade secrets and intellectual property
Consider these tips to minimize your risk of being the next victim:
- Implement strict policies and practices for accounting, bookkeeping and fiscal management. This should include daily activity reports by management to quickly detect unauthorized charge activity. Contact the financial institution promptly; don’t delay.
- Never proceed with an email request to transfer a large sum of money without dual control practices. One individual performs the requested transaction and a second individual approves and authorizes the change on a different trusted device.
- Always require at least two key people to authorize a financial transaction over a set amount or to a new vendor or bank account.
- Keep your anti-virus and firewall software up to date.
- Use a token if it is provided by the bank. Require strong passwords with a …read more
Cincinnati Insurance Company Blog: Cincinnati Insurance Company