Risk Solutions


For Agents & Brokers

HSB Total Cyber™ expands social engineering coverage for online fraud

Cyber thieves have upped their game, so should your clients

HSB Total Cyber™, which provides multiple levels of cyber protection designed for the special needs of medium sized businesses, now includes social engineering fraud coverage to pay for financial loss when hackers trick employees into paying out company funds.

Criminals get inside information

Increasingly, cyber criminals are using sophisticated social engineering tactics, in which they carry out phishing schemes or hack into a company computer to get inside information and copy Web pages.

Then send deceptive emails

Then, they send a phony email which looks authentic and claims to be from a senior executive, financial officer, or company lawyer, instructing an employee to transfer funds into an outside bank account.

That fool employees into transferring cash

In one case, an official with a commodities company wired more than $17 million to a bank in China after receiving emails supposedly from the CEO. Even worse, an online wire transfer provider lost almost $31 million when criminal impersonators targeted the company's finance department.

It's hard to keep up with cyber thieves

"It's getting harder for a business to keep up with hackers and thieves," said Timothy Zeilman, HSB vice president and counsel. "Social engineering attacks are very effective because they appeal to the trust that employees have in their managers. That's why we've added Misdirected Payment Fraud coverage to our HSB Total Cyber™ program."

Big challenge for smaller companies

The fact that social engineering attacks are successful in large corporations, despite internal controls designed to prevent them, shows the challenge facing smaller companies and their workers.

Millions of dollars are stolen every year

Over an 18-month period through June 2016, the FBI reported a 1,300 percent increase in identified business losses, with victims in all 50 states and 100 countries. In the United States, the total dollar loss from social engineering scams targeting businesses was more than $93 million.

What you can do about it

Business owners should take steps to protect their information and train employees to watch out for phishing schemes and other cyber attacks at work. Security specialists recommend:

  1. Be wary of email-only wire transfer requests and those that claim to be urgent.
  2. Use the telephone to call and verify a manager’s request and business partners.
  3. Be cautious of mimicked email addresses: the email domain may be slightly altered from the legitimate address, spelled slightly differently, for instance.
  4. Practice multi-level authentication, which requires two or more ways to authorize a transaction, such as passwords, security tokens, or security questions.
  5. If you think your business has been compromised by a social engineering scheme, contact your financial institution immediately. Request that the institution contact the financial organization where the fraudulent transfer was sent.
  6. File a complaint with the FBI's Internet Crime Complaint Center.

HSB provides insurance protection

HSB's Total Cyber™ provides insurance coverage for medium size businesses. It includes a suite of coverages for data breach, settlement and defense costs related to cyber liability, and expenses for cyber attacks such as cyber extortion and ransomware.

Including social engineering coverage

Our new Misdirected Payment Fraud coverage pays for direct financial loss resulting from criminal deception using email, fax, or telephone schemes that convince an employee or a company's financial institution to send or divert money to a fraudulent account.

Learn more about the HSB Total Cyber™

Visit our website to learn more about HSB Total Cyber™ and our social engineering coverage. Or contact your HSB representative for more information.

HSB Total Cyber™ expands social engineering coverage for online fraud