What is Social Engineering Fraud?
 

No one wants to discover their business has become a victim of fraud. It can be an uncomfortable experience that could end up costing your company greatly.

At Allianz Trade, we believe prevention is always better than a cure. So, we’re looking to raise awareness of these unscrupulous activities. And, with our business fraud cover, we’re here to help if you’re unfortunate enough to be targeted.

Below, we share all there is to know about social engineering business fraud.

A social engineering fraud or ‘attack’ is when criminals attempt to con a person using impersonation. They try to win and exploit your trust, tricking you into disclosing information to enable a crime or handing over money.

Scammers use their strong social skills to manipulate their chosen victims, which is why it's called 'social engineering fraud.' This can be done over the phone, via email, or through chat apps. There is usually a sense of urgency to the communication which encourages prompt compliance and skipping typical verification and safety steps.

Social engineering fraud in business could include situations, such as criminals claiming to be:

• A supplier with an unpaid invoice
• A bank or other lender with a missed payment
• The tax man stating you’ve not paid the correct amount

As these scams are becoming more known, criminals have diversified their methods. These scammers will also adapt to their target’s behaviours and will go where their victims are. So, there’re many types of social engineering attacks. These include:

Phishing – The criminal will ‘phish’ for data by pretexting – impersonating someone in authority requesting some sort of action – and/or sending malware. In some cases, there’ll be a real person at the end of the line. In others, they’ll use interactive voice response (IVR) technology to target more than one person at once.

Read more: Financial crime: Payment fraud over the internet – what should you do?

‘Spear phishing’ is a type of phishing scam where the scammer impersonates someone the victim knows and trusts. A scam message could appear like it has come from a familiar email address and contain information about the victim (found on online) to make it look more authentic.

The term ‘whaling’ may also be used when senior executives and management are targeted.

Vishing – Similar to phishing, but a phone scam. These are calls where scammers claim to be representatives of a reputable organisation, such as a bank or government department, to obtain information.

SMiShing – Again, this is similar to phishing and vishing, but the scammer will contact you via text or WhatsApp.

Water-holing – When a group of people, usually from the same company or organisation, are targeted by infecting one or more websites they frequent. These scams are difficult to detect and are designed by criminals to gain access to a company’s computer network using malware.

Romance – Sometimes known as a ‘honey pot’ scam, this is when criminals develop a friendly or romantic relationship with emotionally vulnerable people, usually through social media, to try and obtain key information or money. In some cases, this can evolve into sextortion – where victims are coerced or tricked into sharing explicit photos or videos which are then used to blackmail them.

Quid pro quo – Bribery or blackmail to get the person to do what the criminals want.

Investment – Sometimes also known as ‘boiler room fraud’. People are tricked or pressured into investing in fraudulent or worthless business shares.

So, you now know what social engineering fraud is, but is it something you should be concerned about?

Fraud, and social engineering scams, may be more commonplace than you think. According to the Government’s Cyber Security Breaches Survey 2024, 50% of businesses and 32% of charities have experienced a cyber-attack in the last 12 months, with phishing the most common (84% of businesses and 83% of charities).
 

Percentage of organisations that have identified breaches or attacks
in the last 12 months

^{Source: Gov.UK, Allianz Trade}

35% of businesses and 37% of charities also reported scams by others impersonating organisations in emails or online, with viruses and other malware reported by 17% of businesses and 14% of charities.

The same survey report reveals that businesses could do more to protect themselves from attacks and their effects.

Percentage of organisations that have the following types
of insurance against cyber security risks

^{Source: Gov.UK, Allianz Trade}

Our own research has found that social engineering fraud cases have increased fivefold since 2014 (+400%).

If you would like assistance with risk prevention, detecting fraud, and covering the financial losses from such scams, Allianz Trade can help. Our business fraud insurance is a key part of many companies’ corporate risk management protocols and can protect your organisation too.

Whether phishing, quid pro quo, or a romance scam, we’re here to help.

As Vikshay Vijai, Fraud Insurance Sales Manager at Allianz Trade UK and Ireland, says:

“The tenfold increase in social engineering fraud over the last decade proves the fact that this threat is the most rapidly growing of all frauds we encounter.

“Businesses of all sizes are being easily manipulated by criminals into releasing confidential information that leads to their downfall, particularly in recent times with the advent of AI and modern technology.

“These firms must act fast as there is no time to lose before falling into such traps. We have a set of suggested measures that can be taken to stay vigilant, however, only a comprehensive fraud insurance policy can provide true peace of mind against Social Engineering risk.”