Cybercriminals step up social engineering during pandemic
Throughout 2020, cybercriminals have gone to great lengths to manipulate employees with fake or doctored emails, seeking confidential information such as log-in details that lets them bypass a company’s security systems and commit theft or fraud. While this form of online social engineering had declined from Q4 2019 to Q1 2020, the arrival of the global pandemic provided cybercriminals with the perfect cover for ramping up email attacks. Coinciding with the increase in remote working during the second quarter, our global data has shown employees have been more likely to fall for social engineering scams, with organizations in the middle market most likely to be victimized.
Techniques such as email phishing used to manipulate someone into providing confidential information, e.g. log-in credentials, or taking other actions that bypass normal security to help the attacker commit theft or fraud.
An email created to look like it comes from a trusted source that is designed to induce a recipient to share sensitive information, download malware or visit an infected website.
A social engineering attack in which compromised email credentials or spoofing are used to induce an employee to make a wire transfer or other electronic payment to a bank account controlled by a cybercriminal.
Remote working poses challenge for prevention and detection
During the second quarter of 2020, cybercriminals had greater success in duping employees with phishing and social engineering scams. The number of incidents involving social engineering and business email compromise (BEC) reported to Beazley Breach Response (BBR) Services grew over Q1, even as the total incident count fell slightly.
The majority of social engineering attacks result in a BEC, where the cybercriminal gains access to an email account. However, in Q2 cybercriminals were most successful in stealing funds using social engineering techniques to provide fraudulent payment instructions without a system compromise.
With the expansion of the remote workforce, detecting and preventing social engineering scams has become more difficult. Employees are typically the first line of defence, but working remotely can make it harder for employees to maintain a culture of compliance. While the increase in distractions that comes with caring for family members while working has been widely discussed, physical separation from the workplace is also a factor. Without a coworker to converse with at the next desk, employees are less likely to do a “sense check” of a suspicious email. In fact, BBR Services has handled an increase in notifications involving employees who admit they did not notice anything suspicious.
In another development, BBR Services has noted a slow-down in the speed at which companies detected that payments were being redirected, particularly if the change to payments had occurred near the beginning of the pandemic response.
For the full article by Beazley Insurance, please click here