A Field Guide to Social Engineering Cyber Scams


July 18, 2018 Business Insurance and Risk Management, The Beacon Blog

This article by Robert E. Braun of Jeffer Mangels Butler & Mitchell LLP (posted at http://www.mondaq.com/article.asp?articleid=719162&email_access=on&chk=2259918&q=1540756) provides a guide to scams used to gain access to personal and business information. Some of these terms are well known; others are unfamiliar. All of them are threats to anyone who uses a computer.

Phishing is a common term for emails, texts and other forms of social messages used to trick victims into providing sensitive information. Many pose as legitimate entities asking for required information. “Spear phishing” is a more targeted version aimed at specific individuals or small groups.

Pretexting is a scam in which the perpetrator assumes the identity of a vendor, supplier or IT professional the victim can trust in order to lure them into providing desired information.

Baiting is luring a victim by offering a software update or other “improvement” which is actually malicious.

Quid pro quo is an offer of a service in exchange for information.

Watering hole is an injection of malicious code into public web pages of a targeted site.

Whaling is a combination of phishing and watering hole attacks targeting high-level executives with seemingly legitimate requests.

Tailgating is unauthorized entry following an authorized entrant.

The best way to counter these threats is to be suspicious of all unexpected messages, including phone calls, from unfamiliar sources. Any requests for money or information must be verified without using the email address or telephone number of the sender. Be especially suspicious of messages from sources outside the United States if you don’t know the sender’s identity. Report all suspicious messages to your IT professional.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.