Insurance companies are raising rates and deductibles on social engineering liability claims
9 types of "social engineering" fraud attacks to beware of
CHICAGO, IL, 7/28/2021
Don't get "social engineered"! Here are common fraud schemes to avoid. Insurance companies are raising deductibles on claims for damages from social engineering attacks. Underwriting guidelines for False Pretenses exposures are going up when renewing Fidelity and Crime policies.
1. Phishing: fraudulent emails claiming to be from a reputable and trusted source.
Example: an email that appears to come from a customer success manager at your bank and requires you to first reply with your full name, birth date, social security number and account number so that they can verify your identity. Or an email from an address you recognize, but which has been hacked, asking you to buy a gift card and send them a photo of it.
2. Spear phishing: scouring a target's public social media profiles to find information about them and create a targeted attack. Example: an individual regularly posts on social media that she is a member of a particular gym. She then receives a spear phishing email that appears to come from her local gym.
3. Vishing: a phone call from someone pretending to be from the IRS who tries to scare the victim into giving them personal information or compensation. These calls often target older people.
4. Smishing: scams sent through SMS/text messaging.
5. Pretexting: impersonating someone in a powerful position (police officers, higher-ups within the company, auditors, investigators) to persuade you to give out information, often with threats of arrest or court action.
6. Baiting: offering a free download, USB drive or gift card in an attempt to trick the user into providing credentials.
7. Tailgating: closely following an authorized user into an area without being noticed by that user. An attacker may tailgate another individual by quickly sticking a foot or another object into the door right before it is completely shut and locked.
8. Piggybacking: you hold a door open for a stranger, or for someone claiming to be a new employee who has forgotten his access card or key.
9. Quid Pro Quo: calling the main lines of companies while pretending to be from the IT department, attempting to reach someone who was having a technical issue.