Individuals & Families
About Us
Celebrating Our 75th Anniversary
Learn More Claims
Claim Center
We're in the business of helping people, providing prompt and personal claims service when you need us the most.
Call 877-242-2544 anytime, day or night, to report claims. You may also contact your independent agent to report a claim.
- Personal & Business ClaimsLearn More
- Life ClaimsLearn More
- Workers' Compensation ClaimsLearn More
Insurance Resources
Plan & Protect
Reduce risks and enjoy peace of mind with these tips and insights to protect what matters most.
Severe Weather
Individuals & Families
Insurance Insights
Don't Be Fooled by Social Engineering
Personal Cyber
July 11, 2025
Fraudsters may attempt to exploit human weakness to obtain confidential information or assets.
Technology has improved efficiencies, added convenience and helped many companies grow at an incredible pace. Even with advancements in technology, human interaction and error-prevention still play a critical role in protecting our assets. A type of computer fraud called social engineering entails manipulating and deliberately deceiving a person and exploiting human weakness to obtain confidential information or assets such as cash.
Social Engineering Examples
Phishing
An email appears to come from a bank, an associate, friend or family member, causing the victim to trust the source. This request could contain a hyperlink or an attachment with malware that allows the attacker to access the victim’s computer, email account, contacts or social network accounts so that attacks can expand to other computers. While phishing is an email sent out to hundreds or thousands of target recipients, spear phishing is an email sent to one specific recipient and is a common means of social engineering.
Fraud
An email appears to come from a trusted source – usually a superior in the workplace – directing the recipient to issue a check or initiate a wire transfer of money to an overseas account. These scams work because the sender has created and uses an email address similar to that of the actual superior. For example, john@acmecorp.com may be presented with an extra “r” as in john@acmecorrp.com, tricking the recipient into believing the request is truly from a superior.
Costly Incidents
Social engineering scams often result in the theft of:
- account numbers and personal identification numbers (PINs)
- personally identifying information
- confidential customer information such as Social Security numbers, dates of birth or addresses
- usernames and passwords
Consequences could include:
- unauthorized funds transfers and credit card charges
- identity theft
- jeopardized company reputation
- compromised trade secrets and intellectual property
Tips to Minimize your Risk of Being the Next Victim
Policies
- Implement strict policies and practices for accounting, bookkeeping and fiscal management.
- This should include daily activity reports by management to quickly detect unauthorized charge activity. Contact the financial institution promptly; don’t delay.
- Always require at least two key people to authorize a financial transaction over a set amount or to a new vendor or bank account.
- Never proceed with an email request to transfer a large sum of money without dual control practices.
- One individual performs the requested transaction, and a second individual approves and authorizes the change on a different trusted device.
Software and Passwords
- Keep your anti-virus and firewall software up to date.
- Use a token if it is provided by the bank.
- Require strong passwords with a minimum of eight characters incorporating uppercase, lowercase and wildcard characters, and change them regularly.
Conduct Regular Training
- Run random phishing tests to see if any of your employees are too easily fooled, then train them in correct practices.
- Carefully read any email address or website you encounter, checking for misspellings as described above.
- Always verify and confirm the target of any hyperlink in an email or on a website.
There are literally thousands of variations of social engineering attacks, and more are being developed daily. The weakest link in any security strategy is the employee who becomes complacent and fails to follow protocols put in place to protect your network and assets. Be vigilant and remind every employee with access to your systems to be aware of and alert for these techniques.
For more information on best practices to protect against phishing and identity theft, visit the Federal Trade Commission’s website.
This loss control information is advisory only. The author assumes no responsibility for management or control of loss control activities. Not all exposures are identified in this article. Contact your local, independent insurance agent for coverage advice and policy service.