Social engineering refers to the use of psychological manipulation to deceive or trick people into divulging sensitive information or taking certain actions that they would not normally take.
Examples of social engineering include phishing emails or phone calls where the attacker poses as a trustworthy entity or person to trick the victim into revealing their login credentials or other sensitive information, or alternatively where the attacker fabricates a story to gain the victim’s trust and send money to what turns out to be a fraudulent account.
The bad actors will often impersonate a senior executive to pressure the victim into the action. To protect against social engineering attacks, it is important to be aware of the tactics used by bad actors, exercise caution when providing sensitive information, and maintain a robust risk management and insurance program.
Social Engineering coverage is found in Cyber and Crime insurance policies.