Nine-fold rise in social engineering scams
Written by staff reporter
Data breaches resulting from social engineering scams were up nine-fold in 2017, according to a report compiled by Beazley. It says that while hacking and malware prevail as the major causes of data breach, scams involving deception have spiked over the course of the year.
Fraudsters use social engineering attacks to prey on employees’ roles in their companies in order to orchestrate the disclosure of sensitive information or the wire transfer of money to criminal recipients. These exploits generally take one of two forms. The first, so-called W-2 scams, typically occur during the months leading to tax filing deadlines when criminals use targeted emails to persuade a specific company employee to forward copies of all the company’s employees’ W-2 forms. This often results in the criminals filing false tax returns, based on the improperly forwarded W-2 information, to claim refunds. The second category, fraudulent instruction, occurs when a fraudster impersonates a trusted party, such as a company executive or a payment system vendor, to cause a fraudulent payment, often a wire transfer, to be made into the fraudster’s account.
Katherine Keefe, global head of Beazley Breach Response (BBR) Services, said social engineering can be quicker, easier and cheaper to implement for cybercriminals than stealing data, and can be much more lucrative, and that Beazley was concerned at the rapid development of this trend: “We are urging our clients to implement tighter security and internal process controls, such as a requirement for dual authorisation, and ensure that their employees are fully trained to spot potential attacks in order to reduce the chances of this happening.”
In the first three quarters of 2016, social engineering attacks accounted for 1% of the incidents handled by Beazley. This soared to 9% of the 2,013 incidents reported in Q1-Q3 2017. Professional services firms had the highest percentage of social engineering breaches followed by financial institutions and higher education institutions.
Hacking and malware remained the most prevalent cause of data breach during the first nine months of 2017 at 34% of the total reported to Beazley. Hacking and malware includes cyber extortion, which accounted for 30% of these attacks. Unintended disclosure remained a major cause of breaches, despite having dipped slightly from 35% in Q1 2017 to 29% for the first nine months of 2017.