Social Engineering

Miki Ho of Beazley Canada discusses why social engineering scams are on the rise. (Runtime: 3 min, 5 sec)


broker on the go podcast


Miki Ho, cyber and technology underwriter with Beazley Canada, explains why social engineering scams are on the rise, and what brokers can do to protect their clients.


Text Transcript

Miki Ho, cyber and technology underwriter with Beazley Canada.

Social engineering is a broad term for techniques attackers use to manipulate someone into providing confidential information or taking other actions that bypass normal security and assist the attacker in committing theft or fraud.

Social engineering may take place in person, but the primary means are by phone and by email. What we’ve seen in the Beazley book of business is a significant increase in social engineering that’s committed by email. In 2017 alone, we saw over 200 incidents in our book of business.

What we’ve seen in the last few years is a lot more sophistication in terms of the types of attacks that are happening. A lot of companies now are seeing emails from what looks to be one of their legitimate vendors.

They would go into that email, click a link, log in, use their typical credentials that they would use, everything looks fine, and on the back end, there’s a criminal who’s actually stealing that information and using it to perpetrate some sort of criminal activity.

Why did we see a spike last year in social engineering scams? I think the biggest reason is that criminals are realizing that if they can have more sophisticated means of using social engineering, they’ll have a lot more success.

They’re putting in a little bit more effort. They’re doing some research. They’ll take a look at a company, see who works there and send a personalized email to that individual. They realize that most companies will use certain vendors so they’ll use those vendors as the face of that email, and when people go online and log in, everything looks legitimate. These criminals will use those credentials, log on remotely to certain systems and they’ll have access to the entire network.

The biggest thing that brokers can do to educate their clients is to alert their clients that these sort of scams are happening. A lot of companies are now doing annual, quarterly, semi-annual employee training where they’ll send out phishing emails. If you click on that, it will take you to some sort of educational portal, and it’ll tell you what to look out for and that sort of thing.

There’s certain controls that can be in place, such as out-of-band authentication, so don’t just respond to an email. Pick up the phone, use a third party to verify that that email is legitimate. You can have dual signing so that certain amounts of money aren’t sent out without somebody else looking at it.

And the other thing that we offer at Beazley is an insurance product. So as much as employee training and security can be in place, at the end of the day, everybody makes mistakes and there’s insurance for that to help you manage these sort of situations, and to get you back up and running.

Copyright © 2018 Transcontinental Media G.P.