What is it?
Social Engineering Fraud (SEF) is when a fraudster gains the trust of an individual, usually someone in a role of influence within a business, and ‘tricks’ them into sharing confidential information or even transferring funds directly to the criminal. Unlike hacking, which is usually an alteration of a system’s software or code by an external hacker, SEF relies heavily on human interaction, and the victims are generally none the wiser about what is going on.
The tricks used range from emails containing corrupted links and phone calls to, more commonly, an email that impersonates a trusted employee, vendor, supplier, customer or even a CEO. Such emails are commonly called ‘phishing’ emails.
When impersonating these individuals, the fraudster is likely to have already been monitoring internal communication for some time, meaning it’s easy for them to replicate their victim’s normal communication style and patterns. The fake email typically requests that banking and payment details be changed, or that urgent payments be processed via EFT to new accounts. In this scenario the fraud may go unnoticed until the actual vendor follows up for payment of their usual monthly invoice.
What does it cover?
Different policies provide different levels of protection against this increasingly common type of fraud.