With a wide range of scams on the rise from internet and email, to phone calls and direct mailers, businesses and individuals face increasing risks. Are your clients prepared?
Social Engineering Prevention Techniques
Expertise
June 3, 2025
Check out these tips:
- Utilize a call back method: When a request to change banking information is received, verify it with a direct call to a predetermined number. When establishing a business partner such as a vendor or client, make sure to document their contact information before entering into transactions with them. Use these predetermined numbers to verify changes in banking information.
- Enable MFA for cloud email: MFA or multi factor authentication provides a layer of security beyond a username and a password. Using MFA helps keep email transactions secure.
- Segregate wire transfer tasks: Implement a policy that requires several people to review and approve wire transfer requests or change bank account information. Have the request entered by one individual and verified by others. Consider adding dollar authority limits for different layers of review.
- Conduct periodic phishing training and tests: Education about Social Engineering schemes is one of the best prevention methods. Think of your employees as your human firewall. Every employee can play a crucial role in safeguarding the organization from these attacks.
- Don’t open emails and attachments from suspicious sources: Email security solutions are available to identify and block malicious attachments and phishing emails. You can also add a banner to most email systems to identify internal and external email sources.
- Consider engaging a third party to assess your company’s vulnerabilities and conduct penetration testing.
What to do if you're a victim?
- Immediately contact the originating bank. Depending on the timing you may be able to recall the wire transfer. Confirm the request to recall the wire transfer in writing.
- Preserve all records of the incident, including emails sent and received.
- File a complaint with the FBI at www.ic3.gov. This will trigger the FBI’s assistance in recovery efforts and tracking down the perpetrator(s).
- Contact your commercial crime and/or cyber insurance carrier. Remember coverage for Social Engineering incidents may be covered under either a cyber or a Crime policy.
© 2025Intact Insurance Group USA LLC![]()
Intact Insurance Specialty Solutions is the marketing brand for the insurance company subsidiaries of Intact Insurance Group USA LLC. Coverages may be underwritten by one of the following insurance companies: Atlantic Specialty Insurance Company, a New York insurer; Homeland Insurance Company of New York, a New York insurer; Homeland Insurance Company of Delaware, a Delaware insurer; OBI America Insurance Company, a Pennsylvania insurer; OBI National Insurance Company, a Pennsylvania insurer; or The Guarantee Company of North America USA, a Michigan insurer. Each of these insurers maintains its principal place of business at 605 Highway 169 N, Plymouth, MN 55441, except The Guarantee Company of North America USA, which is located at One Towne Square, Southfield, MI 48076. This material is intended as a general description of certain types of insurance coverages and services. Coverages and availability vary by state; exclusions and deductibles may apply. Please refer to your insurance policy or consult with your independent insurance advisor for information about coverages, terms and conditions. Some coverage may be written by a surplus lines insurer through a licensed surplus lines broker. Surplus lines insurers do not generally participate in state guaranty funds and insureds are therefore not protected by such funds.