Businesses in Ohio and nationwide are facing that time of the year when hackers may present a dire threat to the well-being of the enterprise. Tax season calls up the need for businesses to prepare and distribute W-2 forms. If hackers can get their hands on these forms, they can file fraudulent tax returns, pocket people's refunds and engage in other acts of identity theft. In business law parlance, the methods used by hackers to obtain this information is called social engineering.
Small and medium-sized business may be the ideal targets for some of these schemes because the criminals will rely on making contacts and building relationships with a key person in the business. They execute a plan that is designed to get even the most trained employees to release the vital financial data that they seek. There are several forms of social engineering that are used. One method is email phishing in which a top executive's account is mimicked to request that the information be sent.
The criminals will also use automated messaging to replicate the type of legitimate request that may come from a bank or other financial institution to obtain responsive information for verification purposes. They also send bogus invoices to encourage business personnel to pay an invoice at a fraudulent digital account. There are many safeguards that companies can use to defeat these scams, including training, education and inter-company protocols that require dual authorization.
It is also possible to obtain insurance coverage from insurers that specialize in protecting against this kind of threat. These policies may contain limitations and terms that should be first reviewed with business law legal counsel to assure understanding and the benefits being purchased. Due to policy limitations, the best way to protect against social engineering trespasses in Ohio and elsewhere is to practice strong internal control measures that are designed to trip up these frauds in their beginning stages.
Source: insurancenewsnet.com, "Insuring Your Business Against Social Engineering Fraud", March 12, 2018