What is Social Engineering Fraud Insurance? 

Social engineering fraud is part of a type of cyber (internet-based) crime. In simple terms, it’s when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals. With seven out of 10 businesses experiencing some type of cyberattack in the past five years, social engineering crimes are a problem for both small and large businesses.

Cyber Insurance is a specific type of insurance policy that has been developed to cover the loss of money, data and confidential information stolen by cybercriminals. 

Human-based:
This involves person-to-person communication such as:

• impersonation
• posing as an authorised user (like your boss)
• posing as a third-party stakeholder
• shoulder surfing to gain private credentials
• dumpster diving to check your computer's trash for valuable information.

Computer-based:

This approach generally targets victims via computer software, often by:

1. Baiting - uses false promises to incite curiosity and greed in the victim.
2. Phishing - uses spam email and text messages to trick users into entering their personal info, clicking malicious links, or downloading attachments that contain malware. 
3. Pretexting - falsely mimics an authoritative person to gather information (policeman, doctor, bank representative, etc.).
4. Spear phishing - more targeted emails or texts to a person that mimics someone the person knows, especially in the context of business, like the employer of the victim, using personal information to trick the person into believing the criminal is real. 
5. Scareware - arouses fear and panic in its victim so the victim will act, such as paying a fake bill or calling before service is suspended for non-payment.

Unfortunately, these types of crimes can and do frequently go unnoticed until confidential data has been stolen or funds have been transferred, and it's too late to recover them. It’s difficult to eliminate the risk of social engineering fraud, and criminals are increasing their attacks. Fortunately, a comprehensive Cyber Insurance policy can cover losses caused by social engineering attacks.

Why is Social Engineering Fraud Insurance important?

Businesses are becoming more integrated into the digital community – from banking, health insurance, and buying goods or services online. This leaves a lot of ways that people and companies can be exposed. In Australia, a cybercrime report is made approximately every eight minutes.

While anyone can be the subject of social engineering attacks, there are certain groups scammers typically target, due to factors such as seniority, access to sensitive information, or ability to access systems. These include:

• high-profile individuals
• senior management
• system administrators 
• staff members (mainly from finance, legal, etc).

Ultimately, no matter what your position is within the organisation or existing cyber defences, no one really is immune to being scammed and becoming a victim of social engineering or cybercrime. As part of your risk management, a Social Engineering Insurance policy can minimise the impact and financial loss to the business.

What does Social Engineering Fraud Insurance cover?

It’s important to know that cyber risks and social engineering fraud are not usually covered under the normal Business Insurance policy, so you’ll need to look at these separately.

As mentioned, Social Engineering Fraud cover is part of a Cyber Insurance policy that covers:

• incident response – specialists to identify the breach and remove the cause
• financial loss and additional costs due to the incident
• data recovery and restoration
• legal defences costs
• cyber extortion management and fees
• crisis and PR management of the incident.

Your policy should extend to cover losses due to impersonation of vendor/suppliers, executives, and clients.

Because different businesses and industries have different levels of complexity and risk, we recommend talking with your insurance adviser. They’ll work with you to understand your business, provide you with advice to manage your risks, and recommend the best insurance options and solutions.

Frequently Asked Questions

What is an example of social engineering?

Social engineering crime, in simple terms, is when a cybercriminal tricks a person at home or in a business into sharing confidential information or transferring money, which the criminal steals. Examples include phishing which tricks users into entering their personal info, clicking malicious links, or downloading attachments that contain malware, giving the criminal access to the computer.

What are the the main types of social engineering attacks? 

The five most common social engineering attacks are:

(1)    baiting
(2)    phishing 
(3)    pretexting
(4)    spear phishing
(5)    scareware.

What is an example of social engineering phishing? 

Phishing is a social engineering trick that sends out spam emails or texts to trick users into entering their personal info. By clicking malicious links, they are redirected to a scam webpage, where the victim is tricked into handing over sensitive personal information or downloading attachments that contain malware, giving the criminal access to the computer.

Is social engineering fraud a type of cybercrime in Australia? 

Yes, many forms of social engineering happen within cyberspace. A criminal pretends to be someone else and tricks the victim into giving them information or access to their computer, or transferring money. Any social engineering tactic constitutes fraud and qualifies as cybercrime.