Chubb has released a new whitepaper, co-authored with Gordon Rees Scully Mansukhani LLP and PaymentWorks, that explores the common types of email social engineering schemes, particularly involving payments and suppliers, and how today’s cyber criminals are employing more sophisticated social engineering attacks than in the past. The paper, “Guarding Against Email Social Engineering Fraud: Re-examining a Global Problem,” also discusses ways in which companies can deploy technology and update their business practices to help verify information received electronically and authenticate the identity of business partners.
“With the heightened level of deception and manipulation involved in these attacks, email security requires a zero-trust approach,” said Christopher Arehart, Senior Vice President, Crime Product Manager, Chubb Financial Lines. “Therefore, it remains critical that businesses invest in updated technology defenses as well as adapt their processes and fundamentally change their procedures to fill the defense gaps that are weakened by compromised email.”
The FBI estimates that cyber criminals stole more than $28 billion through email fraud from 2016 to 2020, with an average loss per incident of more than $150,000.
According to the Chubb whitepaper, the most common social engineering fraud schemes include impersonation of executives, vendors and suppliers, exploitation of email accounts, and manipulation of vendor management accounts. Additionally, depending upon the type of scheme, the best ways to prevent these attacks include:
– Reconfiguring corporate email systems to better screen for spoofed emails and require Multi-Factor Authentication (MFA), to support more secure messaging from corporate email accounts;
– Reevaluating and rebuilding vendor management processes to account for changes to vendor data, rather than address them ad hoc during the payment process; and
– Authenticating the information provided by using a modern technology platform that allows companies to onboard vendors or payees in a secure network environment to prove and verify identity.
To learn more, download the paper, “Guarding Against Email Social Engineering Fraud: Re-examining a Global Problem.”
To learn more about commercial crime insurance and social engineering coverage, visit www.chubb.com/us/crime, or contact your Chubb agent or broker.
Chubb is the world’s largest publicly traded property and casualty insurance company. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London, Paris and other locations, and employs approximately 31,000 people worldwide. Additional information can be found at www.chubb.com.
About Gordon Rees Scully Mansukhani – Your 50 State Partner®
As the only law firm with offices and attorneys in all 50 states, Gordon & Rees delivers maximum value to our clients by combining the resources of a full-service national firm with the local knowledge of a regional firm. Featuring more than 1,000 lawyers nationwide, we provide comprehensive litigation and business transactions services to public and private companies ranging from start-ups to Fortune 500 corporations. Founded in 1974, Gordon & Rees is recognized among the fastest growing and largest law firms in the country. The firm is currently ranked among the 25 largest law firms in the U.S., the top 45 firms for diverse attorneys, and the top 25 firms for female attorneys in the Am Law 100.
PaymentWorks and our company’s Business Identity Platform eliminate the risk of business-payments fraud, which costs US businesses more than $20 billion a year. Automating a complex, manual, people-intensive, and error-prone payment process, PaymentWorks works with leading organizations across myriad industries, including Hackensack Meridian Health, Johns Hopkins, and University of Kentucky, protecting them from business payments fraud and ensuring regulatory compliance. To learn more about how we do it and the partners we work with, visit our website, check out our blog or listen to our new podcast series, “Risky Business”.