What is social engineering fraud, and is it covered?

It's a scam where criminals trick employees into revealing confidential information; coverage varies by policy.

Social engineering fraud is a type of scam where cyber criminals manipulate or deceive individuals to disclose confidential or personal information. This information is then used to execute unauthorized actions or transactions. The fraudsters often pose as trusted figures like company executives, IT staff, or vendors, and may reach out via email, phone, or even in person, making it very difficult to distinguish them from legitimate contacts. As for insurance coverage, whether social engineering fraud is covered under cyber liability insurance depends on the specific policy and the insurer. Some policies may cover losses from these scams, while others might exclude them or require an additional endorsement. It’s important to thoroughly review and understand your insurance policy to know what types of fraud and cyber-attacks are covered.

Imagine an employee in the finance department receives an urgent email from someone posing as the CEO, requesting an immediate transfer of $50,000 to a specific bank account to finalize a supposed business deal. Trusting the email as legitimate, the employee complies, only to later discover that the email was fraudulent. This scenario illustrates how social engineering fraud can occur in real business environments. Whether the company's cyber liability insurance covers the lost funds would depend on their policy's specific terms regarding social engineering fraud.

To protect against social engineering fraud, always verify any unusual or urgent requests for sensitive information or financial transactions, especially those that seem to come from high-level executives. You can do this by independently confirming the request through a trusted communication channel, like a direct phone call. Additionally, train employees to recognize common tactics used in these scams. Regularly review and understand your cyber liability insurance policy's terms, and consider adding additional coverage if social engineering fraud isn't included.