Chubb has released a new whitepaper, co-authored with Gordon Rees Scully Mansukhani and PaymentWorks, that explores the common types of email social engineering schemes, particularly involving payments and suppliers, and how today's cyber criminals are employing more sophisticated social engineering attacks than in the past.
Scott Schmookler, partner in the firm's Chicago office, co-authored the paper, "Guarding Against Email Social Engineering Fraud: Re-examining a Global Problem," that discusses ways in which companies can deploy technology and update their business practices to help verify information received electronically and authenticate the identity of business partners.
"With the heightened level of deception and manipulation involved in these attacks, email security requires a zero-trust approach," said Christopher Arehart, Senior Vice President, Crime Product Manager, Chubb Financial Lines. "Therefore, it remains critical that businesses invest in updated technology defenses as well as adapt their processes and fundamentally change their procedures to fill the defense gaps that are weakened by compromised email."
The FBI estimates that cyber criminals stole more than $28 billion through email fraud from 2016-2020, with an average loss per incident of more than $150,000.
According to the Chubb whitepaper, the most common social engineering fraud schemes include impersonation of executives, vendors and suppliers, exploitation of email accounts, and manipulation of vendor management accounts. Additionally, depending upon the type of scheme, the best ways to prevent these attacks include:
- Reconfiguring corporate email systems to better screen for spoofed emails and require Multi-Factor Authentication (MFA), to support more secure messaging from corporate email accounts;
- Reevaluating and rebuilding vendor management processes to account for changes to vendor data, rather than address them ad hoc during the payment process; and,
- Authenticating the information provided by using a modern technology platform that allows companies to onboard vendors or payees in a secure network environment to prove and verify identity.
Schmookler focuses his practice on commercial and construction litigation, insurance coverage, and cyber security. He frequently is retained to represent insurers in complex coverage disputes across the country and regularly counsels clients on insurance issues relating to technology, cybercrime, cyber security, and data breaches.
Chubb is the world's largest publicly traded property and casualty insurance company. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly.
PaymentWorks and its Business Identity Platform eliminates the risk of business-payments fraud, which costs US businesses more than $20 billion a year. Automating a complex, manual, people-intensive, and error-prone payment process, PaymentWorks works with leading organizations across myriad industries, including Hackensack Meridian Health, Johns Hopkins, and University of Kentucky, protecting them from business payments fraud and ensuring regulatory compliance.
To access the whitepaper, please click here.