Social engineering
The scourge of impersonation fraud
A long preparation
Overview
37%
More than one in three Swiss companies surveyed by the auditing firm PwC in 2014 had been a victim of fraud in the previous 24 months. In 2013, this figure was 18%.
52%
This is the percentage of frauds reported in Switzerland that involve the theft of less than CHF 100,000. In 40% of cases, the amounts are between CHF 100,000 and CHF 5 million. In 4% of cases, they exceed CHF 5 million.
32.7%
This is the increase in cases of economic crime identified by KPMG in Switzerland between 2013 and 2014. The auditing firm identified 77 cases that year.
CEO fraud: A user’s manual
The scammer contacts an accountant at the targeted company by email or phone, posing as the CEO or a senior executive. Citing an urgent and confidential transaction (tax audits, foreign acquisition), the scammer then instructs the employee to make a transfer to an account located abroad as soon as possible.
The canton of Vaud on alert
Practical advice
To protect against social engineering techniques, companies need to make their employees aware of this crime and establish or review adequate control procedures:
- The caller's identity must be systematically cross-checked
- The caller in question must be systematically contacted following a call or email to verify that he or she is the right person
- The information provided should be checked
- The person approached must question the relevance of the information requested by the caller, and use common sense by not hesitating to speak to peers and check with management
Tightening of insurance conditions
- This type of fraud will continue to be covered under the general terms and conditions but the potential policyholder must answer specific questions relating to social engineering. The insurer reserves the right to exclude certain guarantees or limit them by amendment if it finds that the procedures and controls are insufficient;
- Losses due to a transfer instruction given by a person who has passed him- or herself off as another are excluded, in the absence of authentication and cross-verification to protect the integrity of the communication and authenticate the sender.
2015, or the explosion in Switzerland
Geneva
Neuchâtel
Vaud
Valais
Freiburg
Bern
Over ten scams in 2015 for an amount of 400,000 francs.