How to safeguard your business against social engineering

When you hear the term “identity theft,” the first thing you might think of is individuals being targeted for their personal information. What doesn’t get talked about as much, yet results in millions in lost revenue each year, is identity theft as it relates to businesses.

dummy Digital fraud in the workplace is a lot more common than most people think.

That means more elusive incidents, using a combination of digital tools like emails together with social manipulation tactics called “social engineering,” can and does happen. Particularly for small and medium-sized companies, the consequences can be devastating.  From my point of view as Cyber, Crime & Fraud Insurance Specialist, the retail and distribution sectors are particularly vulnerable to this lesser-known form of fraud, and people should know how to protect their company and employees.

All businesses face some risk. There is no such thing as zero risk. However, it is possible to reduce risk if you are informed. It’s important to know the newer types of fraud we are seeing because fraudsters are taking advantage of gaps in dummy retail and distribution sectors’ security. The current global context of shortages and disruptions means margins are tight. But companies still need to do business – and sometimes they choose to do so without investigating who their customers or providers are.

This perfect storm has given rise to some of the most common, if lesser-known types of scams. The most common type of fraud is identity theft, whereby the criminal combines real and fake information to create a new identity – usually, that of a customer, or high-level company representative.

Invoice fraud

Sending a fake invoice to a business, the criminal tricks store managers into making a payment to the wrong bank account. The payment is then diverted to a foreign account with no way to block the transfer or recover the money.

Fake purchases

Taking on the identity of a real client, the fraudster places big orders of high-value goods from an unsuspecting supplier. They then disappear with the goods, leaving behind an unpaid invoice.

CEO Fraud

Using social engineering and deepfake-style techniques, a scammer pretends to be a company executive and asks well-targeted employees to make urgent and confidential payments or offer up sensitive information.

This last type of fraud happened to a UK-based energy firm in 2019. The company’s CEO thought he was speaking to the CEO of the firm’s German parent company. The caller then made an urgent request for the executive to send funds to a Hungarian supplier within an hour.

Sales move fast today, and taking the time to perform background checks is at odds with making fast-paced business decisions to close more sales. Unfortunately, retail sector business owners just don’t know enough about potential or actual frauds that exist. So, before fraud can occur – that is, before a sale – owners need to be extra diligent. They should perform security or background checks. Knowing your clients goes a long way in customer fraud prevention. Merchants who don’t take precaution risk being left with unpaid invoices, or worse.

Working with professional advisors can build extra security into your business by detecting and prevent fraudulent situations. When seeking out coverage, look for an insurer who understands retail-specific fraud and the exact coverage needed for your business.

The key to preventing fraud is to be aware, and to inform yourself on how to best meet the specific needs of your business. We can advise companies and help them gain much-needed peace of mind and an overview of what tools are adapted to their specific business requirements.