Social Engineering Reaching New Heights

curtis_oshaugnessy_social_engineering_reaching_new_heights

Here’s a scary local story.

Social Engineering: “The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”

A Frightening New Era

Let’s remember what we are up against at this point in time.  There are firms overseas with large HR departments that strictly engage in cyber crime.  Think about the time you spend with your marketing team developing your advertising and brand; I’m sure there’s a high level of sophistication.  Now imagine putting all of those resources towards deception. It is frightening what we find ourselves up against.

Any Individual or Corporation can be a Victim of Social Engineering

Here’s a story a business associate shared with me the other day:

My business associate works for a law firm locally (let’s call them Hoppell LLP for this story) that represents a manufacturing company.  He has worked with their CFO for about five years now and has hundreds of email correspondences each year.  They know personal details about each other and recognize how they communicate through email.  Both Hoppell and the manufacturing firm are large corporations with great IT processes in place.

At some point in the last couple of months, the manufacturing firm was hacked without knowing it, and the perpetrators have sat idly within their system, looking through emails and learning about their vendors and clients. 

Hoppell does a good job at purchasing all domain names close to theirs to avoid fraud.  (For instance, if their domain was hoppell.com, you would buy hooppell.com, hopell.com, hoppel.com, and so on.)  One of the domain names came up for renewal, (hoppelll.com) and their team forgot to renew purchasing that domain name.  The hackers immediately purchased the available domain name knowing they were a partner of the manufacturing firm.

This past week, my associate at Hoppell sent a rather large invoice to the CFO at the manufacturing firm,  and CC’d two additional partners at Hoppell.  Two days later, the hackers sprung into action.  They copied the email from Hoppell, including exact email signatures, and sent the CFO a follow-up email, with the other partners CC’d, all from the domain name that was one letter off (hoppelll.com).  So the CFO received a “reply” from my associate, CC’ing the other partners, but all coming from hoppelll.com.  The hackers explained that they updated their banking information, provided new instructions, and brought up personal information they had seen in correspondence from months before.  They went back and forth with about 10 emails confirming the changes and the invoice.

Luckily, the manufacturing firm has a compliance department that ran compliance tests and noticed the three l’s in the email domain, and they caught this before sending hundreds of thousands of dollars to a random account.  Unfortunately, most of us do not have internal Compliance Offices, and would probably have been subject to sending thousands of dollars, on our own accord, to an unknown bank account.  Remember, there’s no cyber coverage for you sending money on your own accord to a random bank account.

Protect Yourself and Your Business Now

That’s where Social Engineering Endorsements on Cyber Insurance Policies come into play.  Having rock solid IT processes in place are obviously the most important thing possible, but with cyber crime becoming increasingly sophisticated, (think deep fakes, AI, voice technology) it is absolutely imperative to include Social Engineering Fraud in your Insurance Program.  According to Travelers, from their data, Social Engineering Fraud targets:

  • 35% of large businesses
  • 22% of medium businesses
  • 43% of small businesses

Don’t wait to get this valuable coverage. All businesses are at risk!

Click Here for More Information about Curtis O’Shaughnessy

About Leavitt Group Los Angeles

Share This Post
Curtis O’Shaughnessy is currently a Vice President of Commercial Lines at Leavitt Group’s Los Angeles location in Woodland Hills. Curtis specializes in Technology, Wholesaler-Distributors, Logistics firms & Manufacturers. Before entering into insurance Curtis worked as Director of Sales & Marketing for a luxury resort on the island of Maui for 9 years and owned a small property management company. Curtis grew up in Hawaii and moved to California to attend college on a golf scholarship, graduating in San Diego from California State University San Marcos with a B.S. in Business Marketing. In addition to Echelon 2, Curtis is a member of Association for Corporate Growth in both the Los Angeles and Ventura Chapters and is an Ambassador for the Valley Industry & Commerce Association. Curtis also is a coach/volunteer for The First Tee which provides underprivileged kids golf instruction and life lessons. Curtis currently resides in Westlake Village. He is an avid golf and tennis player, loves water sports, and enjoys the mountains and snowboarding. Travelling and cooking are two of his biggest passions to go along his love of sports.