skip to main content
Cyber

Best practices to prevent becoming a victim of social engineering fraud

01/2018
Suspicious businessmen giving and recieving a bribe

Communication is key

It is important to communicate and increase awareness of the risk of social engineering fraud to all staff, and not just the finance department. Ad-hoc payment requests to external third parties and clients are often requested by ground staff, and effectively communicating the risk of a social engineering loss can add an extra defence barrier to preventing a fraud.

 

3 key actions to take to prevent being a victim of social engineering fraud:

  • Identify
  • Verify
  • Authenticate

 

Here are some examples and best practices on how to mitigate and stop a social engineering loss occurring.

 

Fake president / CEO fraud

  • Always speak to the individual who has purportedly sent or given the instruction to make a payment.
  • Always verify requests with another director, manager or supervisor and check the bank account is on an approved list which has been vetted.

 

Telephone payments & fund transfers

  • Avoid giving or accepting payment instructions via telephone or email.
  • Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
  • Verify all requests with a call back procedure to confirm authenticity.

 

Email scams & requests to change bank account details

  • Check the name and email address of sender for spelling mistakes and if they are on approved list of contacts.
  • Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
  • Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
  • Using a call back procedure to authenticate the request can avoid being victim to a fraudster impersonating a known contact.
  • Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.

 

Managing suppliers & vendor details

  • Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
  • Ensure Suppliers and Vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
  • Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.


Read more about how Chubb can offer you bespoke commercial crime insurance.

 

No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.

Disclaimer - The content of the above article is not intended to constitute professional advice. Although all content is believed to be accurate, Chubb Insurance Singapore Limited (Chubb) makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content of this article. Users relying on any content do so at their own risk.

Contact Me
Contact Me

Have a question or need more information?

Leave your contact details and our representatives will get in touch with you.