Fraud, whether online or off, seems to get more and more brazen with time. And in the digital age, more and more sophisticated. If you think you are above becoming a victim, think again. Some very bright, capable people, much to their embarrassment, have been taken in by these bold new forms of fraud, collectively referred to by security experts as social engineering.
These attacks not only take on many forms, they bring perpetrators staggering amounts of money, so the incentive to come up with new and cleverer scams is huge. And because companies make richer targets, they are increasingly becoming the prey of choice for professional grifters.
Take the Fake President scam, where the fraudster assumes the identity of a senior company officer who they know is away on business. He or she phones a low-level employee, often one unaccustomed to dealing with the higher-ups, and tells them that the business trip is going exceedingly well but an immediate cash transfer is required to secure an enormous contract. The underling, at once flattered at playing a critical role in this win and too deferential to ask many questions, badgers someone even lower on the ladder, someone with signing authority, to make a cash transfer. In the space of a couple of days, the company can be out millions of dollars.
Sound like something you see in the movies? Think again, because internet fraud alone is estimated to rake in hundreds of billions of dollars each year internationally. And those are just the reported amounts. Far more victims are simply too embarrassed to come forward.
Your best defense
What can information security officers conclude from the broader fraud picture? The first thing is, human nature doesn’t really change. It will always be your organization’s Achilles heel when it comes to information security. And there’s no firewall or technical fix for that.
Secondly, fraud is a shapeshifter, constantly evolving to take on new forms and target new vulnerabilities. There is no way to know what guise it will take next, so security managers need to anticipate all possibilities and immerse staff in constant training and refresher courses to maintain a high state of awareness and readiness at all times.
The good news is, concerted and ongoing information security training addresses the human factor, so employees are made aware of their vulnerabilities. Their training leads them to pause a moment and think before they click on that email, or volunteer information over the phone.
While technology may create an open door to fraud, nurturing a culture of security among your people goes a long way to slamming that door shut.