Skip to Main Content Back to Top Let's Talk
Home Blog Funds transfer fraud vs social engineering: Protect your business

Funds transfer fraud vs social engineering: Protect your business

Business professionals perform software testing in a technology startup office
Higginbotham H logo

Funds transfer fraud and social engineering fraud are two common types of cybercrime that can impact businesses. Funds transfer fraud typically involves hackers gaining access to banking information and misdirecting payments that are intended for others. On the other hand, social engineering fraud relies on manipulation and deception to trick individuals into sending money to a fraudulent account.

Both types of fraud can be devastating for any company, but small businesses are particularly vulnerable since they may lack the resources to recover from significant financial losses incurred by an attack. That’s why staying vigilant and taking proactive steps to guard against these cyber threats is so important.

What is funds transfer fraud?

Funds transfer fraud is defined in most commercial crime insurance policies as the submission of false wire or money transfer instructions to an insured’s financial institution by a cybercriminal. These instructions appear to come from the insured and direct the bank to transfer funds into accounts controlled by fraudsters.

Common scenarios include:

  • Fake wire transfer requests sent directly to the insured’s bank
  • Unauthorized use of online banking credentials to initiate payments or transfers
  • Direct theft from bank accounts once credentials are compromised

This form of fraud is distinct from social engineering. While both involve deception, social engineering typically targets employees directly, such as through fake invoice schemes or impersonation emails, in order to trick them into making payments.

It’s important to note that commercial crime policies usually apply the full policy limit to losses due to funds transfer fraud, but often impose lower, separate sublimits for social engineering losses.

What is social engineering fraud?

Social engineering fraud exploits personal vulnerabilities and human error, rather than the technical weaknesses of a business. Cybercriminals use various tactics to manipulate individuals into revealing sensitive information or executing unauthorized fund transfers.

Common forms of social engineering fraud include:

  • Phishing: With a phishing attack, cybercriminals send deceptive emails, texts or phone calls that appear to be from a legitimate source, such as a government agency or trusted brand. The message may contain a link that, when clicked, prompts the victim to enter sensitive information.
  • Spear Phishing: Spear phishing involves more targeted cyberattacks that are customized with specific information about the intended victim. For example, while a phishing email posing as a government agency could be sent to thousands of recipients, a spear phishing email may be sent to one individual and involve posing as an executive of the individual’s employer.
  • Business Email Compromise (BEC): BEC attacks exploit the trust associated with high-ranking positions within an organization to request urgent funds transfers. Scammers often target an employee who has access to company finances and pose as a company executive or other trusted contact in order to trick the victim into making an unauthorized wire transfer.
  • Tech Support Scams: These scams often begin with an unsolicited call from an individual claiming to be a technician for a well-known company. The scammer may claim the victim’s computer has malware and request payment and/or remote access to the computer in order to remove it.
  • Invoice Manipulation: In these schemes, fraudsters intercept or impersonate legitimate vendors or service providers to submit altered invoices. The goal is to mislead the recipients into paying fraudulent accounts by changing banking details or inflating charges. These attacks often rely on prior knowledge of existing business relationships and invoicing processes.

Funds Transfer Fraud vs. Social Engineering Fraud

Funds transfer fraud and social engineering fraud can both lead to unauthorized transactions and may use similar tactics. However, they differ in how those tactics are applied.

Funds transfer fraud typically uses technical methods like malware or credential theft to gain direct access to financial accounts and initiate unauthorized transfers directly with the company’s financial institution. Social engineering fraud, on the other hand, focuses on manipulating people, often by impersonating trusted contacts, to trick them into willingly sending funds or sharing sensitive information.

Close-up photo of African American male hands typing on a laptop keyboard while looking at cell phone

Preventing Funds Transfer and Social Engineering Fraud

A layered approach can help protect against both types of fraud. Consider the following strategies:

  • Use strong authentication methods. Requiring multi-factor authentication (MFA) for all financial transactions can add an extra barrier for fraudsters, even if login credentials are compromised. Your organization could also require two authorized individuals to verify or approve transactions to reduce the chance of a single employee making a costly mistake.
  • Monitor account activity in real time. Use fraud detection tools that flag unusual or high-risk transactions to help stop unauthorized transfers before they’re completed.
  • Train employees on common scam tactics. Educate your staff members to identify phishing emails, phone scams and impersonation attempts. Ongoing training helps to build awareness and can reduce the risk of human error.
  • Regularly update passwords and credentials. Encourage employees to use strong, unique passwords and to change them regularly. Immediately update access credentials if fraud is suspected.
  • Limit access based on job responsibilities. Use role-based access controls to restrict sensitive information or payment platforms to only those who need them.
  • Review and test internal procedures regularly. Conduct regular audits of cybersecurity practices and simulate phishing attempts to identify organizational vulnerabilities and assess the need for further employee training.

Cyber Insurance Options for Financial Fraud

Commercial crime insurance policies often include optional coverage for funds transfer fraud. This coverage is designed to help protect businesses from financial losses caused by fraudulent instructions that are sent directly to a financial institution by fraudsters impersonating the insured and authorizing unauthorized transfers. Coverage terms and definitions can vary by carrier, so it’s important to review your policy carefully to understand what’s included and what may be excluded.

Crime policies may also offer a separate sublimit for social engineering fraud. Because this type of loss does not always involve direct unauthorized access, it’s typically not covered under the full crime policy limit and must be addressed under a more limited subcoverage.

Social engineering insurance can help protect businesses if employees fall for a social engineering scheme and steal data, divert funds, access accounts or install malware. It’s important to note that this coverage is excluded or sublimited by many insurance policies, so businesses wanting protection from social engineering may need to add it as an endorsement to their existing cyber or crime policy.

Is your business adequately protected?

The right insurance and risk management strategies can help mitigate fraud risks. Higginbotham can help businesses secure comprehensive cyber insurance coverage and implement cyberattack prevention strategies.

By partnering with Higginbotham, businesses can gain access to tailored insurance solutions that are designed to provide peace of mind and business continuity. Connect with one of our cyber insurance specialists to learn more.

Not sure where to start? Talk to someone who wants to listen.

A great plan starts with a conversation. Let’s talk about what you need.

Let’s Talk

Request a Quote

Woman with glasses smiling in bright office looking off camera
Higginbotham H logo