Social Engineering Fraud: Could You be Hooked by a Phishing Scam?

Posted by Eleni Petros 19 January 2017

You receive an email appearing to be from your bank, saying that your account has been compromised. It warns you to act quickly and includes a link that prompts you to fill out your banking information. Do you fill it out?

If you answered yes, you could be susceptible to a form of “social engineering fraud” known as “phishing”. Social engineering fraud refers to a variety of techniques used by fraudsters to gain information. They deceive and manipulate victims into voluntarily performing actions that result in them giving out confidential information or transferring funds.

Email scams are becoming increasingly sophisticated. In many cases, fraudsters piece together information from various sources, such as social media and intercepted correspondence, in order to appear convincing and trustworthy while perpetrating the fraud.

Can you prevent it?

Like other types of cyber-attacks, the risk of falling victim to an email scam cannot be completely eliminated. Even if your business has robust systems and controls in place, it is still extremely difficult to prevent attacks. However, there are steps you can take to reduce the risk of your business being caught out:

  • Beware of any emails asking for personal information: Phishing emails generally come from someone pretending to be in a position of authority and often convey a sense of urgency.
  • Educate employees on the risk: Make sure they know what forms email scams can take and who to contact if an email looks suspicious.
  • Identify likely targets: Employees who hold large amounts of sensitive or confidential information are the most attractive targets for these scams.
  • Review IT security and controls to make sure they are as robust as possible.

Will insurance cover loss?

Appropriate crime insurance may protect you from the financial consequences of social engineering fraud. However, it is not always clear whether traditional crime insurance covers losses from a phishing scam. To be sure you are covered, check that your policy includes:

  • An “all-risks” definition of fraud/crime to encompass social engineering loss.
  • A robust proof-of-loss provision.
  • No continuing conditions precedent or systems of checks for coverage to apply.
  • Affirmative cover for verification costs following a fraud.
  • No “voluntary transfer” exclusion.

Along with other types of social engineering fraud, email scams can lead to large financial losses for a company. However, having the right controls in place, combined with the appropriate insurance, can help prevent or mitigate devastating losses.
