Best practices to prevent becoming a victim of social engineering fraud
Increase staff awareness about social engineering fraud at all levels and across all parts of the business, in particular those who are likely to liaise with third parties and clients, not just the finance department. Quite often it’s the staff who deal with clients and suppliers every day who will request finance to make ad-hoc payments. Effectively communicating the risk of a social engineering loss only adds an extra defence barrier to preventing a fraud.
The 3 key actions to prevent being a victim:
- Identify
- Verify
- Authenticate
Here are some examples and best practices on how to mitigate and stop a social engineering loss occurring.
-
Fake president/CEO fraud:
- Always speak to the individual who has purportedly sent or given the instruction to make a payment.
- Always verify requests with another director, manager or supervisor and check the bank account is on an approved list which has been vetted.
-
Telephone payments & fund transfers:
- Avoid giving or accepting payment instructions via telephone or email.
- Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
- Verify all requests with a call back procedure to confirm authenticity.
-
Email scams & requests to change bank account details:
- Check the name and email address of sender for spelling mistakes and if they are on approved list of contacts.
- Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
- Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
- Using a call back procedure to authenticate the request can avoid being victim to a fraudster impersonating a known contact.
- Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.
-
Managing suppliers & vendor details:
- Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
- Ensure Suppliers and Vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
- Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.
The benefit(s) payable under eligible certificate/policy/product is(are) protected by PIDM up to limits. Please refer to PIDM’s TIPS brochure or contact Chubb Insurance Malaysia Berhad or PIDM (visit www.pidm.gov.my)
This content is brought to you by Chubb Insurance Malaysia Berhad, Registration No. 197001000564 (9827-A) (“Chubb”) as a convenience to readers and is not intended to constitute advice or recommendations upon which a reader may rely. Any references to insurance cover are general in nature only and may not suit your particular circumstances. Chubb does not take into account your personal objectives, financial situation or needs and any insurance cover referred to is subject to the terms, conditions and exclusions set out in the relevant policy wording. Please obtain and read carefully the relevant insurance policy before deciding to acquire any insurance product. A policy wording can be obtained at www.chubb.com/my, through your broker or by contacting any of the Chubb offices or Chubb agents. Chubb makes no warranty or guarantee about the accuracy, completeness, or adequacy of this content. It is the responsibility of the reader to evaluate the quality and accuracy of material herein.
Have a question or need more information?
Contact us to find out how we can help you get covered against potential risks