Chris Yelverton
Chris Yelverton
Vice President, Sr. Payments Advisor, KeyBank
The Associated General Contractors of Alaska logo
Financial Services & Contractors
Protecting Your Business from Social Engineering Scams
By Chris Yelverton
W

hat does data theft look like, really? Is it a black-hoodie-clad villain tapping away at a laptop while ominous green code streams across their monitor? Not usually. In fact, a huge portion of cyber-security breaches occur through social engineering. So, often data theft looks like a customer or employee who is enticed to act in a way they shouldn’t.

Through social engineering—using interactions online or information available on LinkedIn or other social media platforms—scammers identify targets such as employees who may have access to a company’s network or financial systems. They send phishing emails that may look like they’re from a financial institution, vendor, customer, or other trusted sources. These emails will include a link or download that installs malware on the recipient’s computer.

Fraudsters may also use “vishing” or voice phishing, which is a scam phone call or voicemail to users of VoIP, or Voice over Internet Protocol, platforms. On VoIP, scammers can spoof the inbound number on caller ID to engage with an employee as a business contact and then direct the target to enter their login and passwords on a spoofed site. Using text or SMS messages, also known as “smishing,” and social media interactions to gain access to systems are other methods that are gaining traction.

Once scammers have access to a company’s network through phishing, vishing, or smishing, they can attempt to find financial accounts, credit card data for the company or its customers, install ransomware, or request or send illegitimate payments. Businesses wary of hackers take precautions with digital security. Some of those precautions may include using firewalls, insisting that customers and employees use strong passwords, or even making two-factor authentication or biometric indicators mandatory to access accounts and information. But while those measures help in defending against online attacks, they can be less effective against forms of social engineering, which rely on the judgment of customers and employees.

Digital security measures are less effective against scams that rely on good judgement.
Consider the new scam called the “boss scam.” A text message is sent to personal cell phone numbers coming from a fraudster posing as the CEO or a senior leader at your company asking you to purchase gift cards for a fake work emergency. They’ll ask you to purchase the gift cards and to scratch off the back to send them the PIN or claim code, with the promise to pay you back.

That’s a great example of a red flag for social engineering scams: They tend to include a sense of urgency and ask victims to do something outside of the norm.

With social engineering attacks increasing, staying ahead can be tough for middle market businesses, particularly those dealing in high tickets that require lending and an exchange of sensitive data.

Here are some tips to keep in mind to protect yourself and your business from social engineering scams:

  • Pause and verify. Scammers create a sense of urgency to prey on emotions. Do not reply to the email or text; instead reach out and confirm the request with your boss through a trusted source.
  • Be careful what information you share on LinkedIn and other social media sites. Fraudsters research and use this information to lure you in with a false sense of security.
  • Limit who can access your information and use any privacy settings.
  • Don’t act on requests via email or text, especially purchasing gift cards or making money transfers, without verifying directly with the source.
  • When receiving email or text messages, don’t click on links or open attachments that are unexpected or from an unknown source—always validate first.
Chris Yelverton is the Vice President, Senior Payments Advisor of Commercial Payments with KeyBank. His interest in technology and changing the way bank clients think about their banking partnerships was a catalyst for his transition into treasury management. His career in the financial services spans more than twenty years, exclusively in the Anchorage area. He joined KeyBank in December 1998 as a teller and has held several positions in retail including Key@Work RM and area retail leader. He joined the Commercial Banking team in August 2013 and has demonstrated success across different lines of business.