The progression of technology has, unfortunately, come at the price of increased social engineering scams. Let’s take a recent client story as an example. Everything seemed fine. They had purchased a sculpture from a reputable gallery in Europe, and their assistant received an email requesting payment. So, she wired the funds. But unfortunately, that email was a well-designed fake, and by the time they discovered the fraud, their money was lost to an untraceable foreign account.
The clients were victims of social engineering fraud—a series of scams in which criminals pretend to be someone trustworthy to fool you into giving them money or valuable information. These impostors are increasingly plaguing affluent individuals, family offices and closely held businesses.
How social engineering scams work
While these crimes often use email, texts or social networks, they don’t necessarily involve hacking. The scams can be perpetrated over the phone, in the mail, or face to face. The ones who defrauded the fine art collector knew only that the collector had made a purchase at a particular gallery and the assistant’s email address, information that is either public or easy enough to find.
Other times, malevolent social engineers break into a computer network or steal a password. But most commonly, they attack email systems, which give clues about how to get someone’s money. The hackers might notice a pattern in the way an individual receives invoices or pays bills and then send a fake email that looks just like a real one, except it says to send money to an offshore account.
How to prevent social engineering fraud
1. Get everyone involved
Make sure that everyone with access to your personal information and especially the financial accounts—family, staff, business assistants, outside advisors—is looking out for impostors and follows the same procedures.
2. Protect information that can be exploited
If you keep a low profile in the press and on social media, it’s harder for criminals to gather facts that could be used to impersonate you, such as your location or, say, recent acquisitions. Explain to family and staff how innocuous Instagram posts or comments could be the link in a scheme to break into your bank account.
3. Watch out for signs of fraud
Many social engineering scams are easy to detect. Even if you see a familiar logo, check whether the format of the email or letter differs from what you usually receive. An excuse to bypass normal procedures is another clue. Be especially wary of requests that appear on nights or weekends, insist on urgent deadlines, or give new contact information.
4. Independently verify every request for money or important information
The most critical step! Anyone with access to financial accounts needs to follow a strict protocol that verifies every request for transfers or payments through a separate method. Mostly, that means picking up the phone to ensure the transaction is legit. But rather than call numbers or click links in the initial request, make sure they use contact information from a known valid source. Depending on circumstances, you may want to develop a system of codes or other methods to authenticate transactions.
5. Be wary of anyone offering computer support
Hackers often impersonate representatives of technology companies, or the consultants who provide computer help to families and small businesses. They ask for passwords or get victims to install “software updates” that only update the criminals about the information on your computer. Again, independently verify anyone asking for access to your computer with the same procedures used for protecting financial accounts.
6. Get help
Consider hiring a security expert to look for weaknesses in your network and set up secure procedures. Speak with your broker, who can most likely provide access to consultants for a one-time checkup or continuous monitoring.
What if you are a victim of a social engineering fraud?
Unfortunately, there’s not a lot to do. Oftentimes, these scams send your money overseas right away in a series of transfers that can’t be traced. Your bank typically won’t reverse a fraudulent wire transfer the way it would with a problem credit card charge.
If you purchased a cybercrime endorsement to your homeowners policy, it might cover losses from a social engineering fraud. But this coverage is limited, often to between $50,000 and $250,000.
In other words, make sure that you, your family and staff know that when an email (or text, call or letter) arrives asking for money, it’s essential to think twice and verify that it’s not from an impostor.
While each social engineering scam may be different, the best way to protect yourself is to practice preventative measures. Create a process with double checks and a plan for independent verifications for any transaction of significant size. Don’t forget to speak with your broker to ensure you have the right protection in place in the event you do become a victim of social engineering fraud.