Criminals are becoming increasingly sophisticated in their approach to online scams, with "social engineering" a common tool used by fraudsters.
Helping staff to understand how social engineering works is one of the most important frontline defences against cybercrime.
Social engineering is a tool hackers use to trick people into doing something they wouldn't normally do or divulging information they shouldn't. One of the most common ways criminals use social engineering is to send out emails that appear to be from major banks or tax authorities, requesting information such as personal details or bank account information. The hackers then use this information to compromise users' bank accounts or sell it on the dark web.
It's also often used in targeted spearphishing attacks. The Australian Cyber Security Centre's most recent Annual Cyber Threat Report explains that, unlike generic phishing campaigns, spearphishing is designed to target specific people.
"Adversaries use tactics such as social engineering to research, identify and target high-value individuals within particular organisations. This can include using information found via professional and personal social media networks, and publicly available industry information such as annual reports, shareholder updates and media releases. The more refined and genuine a spearphishing email appears, the more likely users are to be deceived into opening malicious links and attached files," the report explains.
As a result, it's become more difficult to tell if an email or other message is from a real business, says Emergence Insurance CEO and founder Troy Filipcevic.
"Criminals have become much better at tricking people into doing something that, nine times out of 10, they wouldn't usually do. You might receive an email from the Australian Federal Police or the tax office that, at a glance, appears legitimate. It's not until you take a closer look that you start to see it's not legitimate."
Emerging threats
Fraudsters use a variety of media to distribute socially engineered scams. A current scam involves a recorded voicemail message, purportedly from the ATO, that threatens jail if the recipient doesn't call back. COVID-themed scams are also popular.
Invoice fraud is a perennial problem. This form of social engineering involves a hacker compromising a business's IT system, falsifying a supplier's invoice by changing the bank account details on it, and sending it back to the business with a request to pay. It's not until weeks later, when the supplier chases up the invoice, that the business finds out the bill is unpaid.
There are steps businesses can take, such as regular education sessions, to help staff identify fake emails and other messages. Businesses should also put processes in place around changes to supplier bank details so that more than one person in the business ratifies any change.
"Pick up the phone, ring the business and say, 'I've got an email from you asking to change banking details. I just want to confirm these new bank account details'," recommends Filipcevic.
It's a good idea to regularly check the Australian Competition and Consumer Commission's (ACCC's) Scamwatch site and register for alerts. Cyber insurance plays a role, and can cover businesses for a range of cyber risks. But cyber insurance is just one of a range of mitigation steps all businesses must take to reduce the chance of cybercrime impacting operations.
Talk to your broker or adviser today about the best way to manage cyber risks now and into the future, through insurance and other risk management steps.
Important notice - Steadfast Group Limited ABN 98 073 659 677
This general information does not take into account your specific objectives, financial situation or needs. It is also not financial advice, nor complete, so please discuss the full details with your insurance broker or adviser as to whether these types of insurance are appropriate for you. Deductibles, exclusions and limits apply. These insurances are issued by various insurers and can differ.