As businesses move online, a nuanced understanding of cybercrimes becomes not only a defensive strategy but also an integral part of promoting a safer and more secure digital environment for individuals and businesses alike.
At Cowbell, what do we consider the difference between social engineering and reverse social engineering?
- Social engineering is when someone impersonates the Insured’s client/vendor/employee to deceive the Insured into transferring money or granting access to private information to the bad actor.
- Reverse social engineering is when a cybercriminal deceives the Insured’s client/vendor/employee into transferring money intended for the insured to another person or entity. The money was supposed to be received by the insured, but instead, the bad actor redirected it. It also entails the redirection of private information to the bad actor.
An example of social engineering:
Carl owns a construction company and receives an email from what he believes is his lumber supplier, asking him to send the monthly payments to an updated bank routing number. Carl is not alarmed, because the sender, the email body and the signature all look familiar to him. After transferring the monthly payment to the new routing number, Carl realizes that although the lumber supplier’s logo and the name of his contact in the email signature are the same, the sender’s email address contains the digit 1 in place of the letter L in “LLC”. This is social engineering, because Carl transferred money to a threat actor who impersonated Carl’s lumber supplier.
An example of reverse social engineering:
In the case of reverse social engineering, Carl’s email correspondence with his customer has been infiltrated by the threat actor, who poses as Carl and requests that payment be sent to “Carl Cowbell’s Construction company’s new bank.” In reality, this is the bad actor’s bank account. Carl’s customer, believing the change in banking details legitimately came from Carl, sends the money to the bad actor instead of to Carl. Carl never receives the money he is owed.
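The lookalike address in Carl’s example (a 1 standing in for the L in LLC) is something a payee-change review can catch mechanically. The following added example, not Cowbell code, compares the sender domain of a From: header against a constructed vendor directory, folding visually confusable characters so that a 1-for-l or 0-for-o swap collides with the genuine domain; the vendor domains and thresholds are assumptions for illustration.

```python
from email.utils import parseaddr
import difflib
import unicodedata

# Constructed vendor directory (assumption: stands in for the Insured's
# approved-payee list). Genuine domains are stored lowercase.
KNOWN_VENDOR_DOMAINS = {"smithlumberllc.com", "acmeconcrete.com"}

# Single characters that read alike in many fonts; each is folded to one form.
_CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain: str) -> str:
    """Reduce a domain to a 'skeleton' so confusable spellings compare equal.

    NFKD folds fullwidth letters and strips accents; characters with no ASCII
    form are dropped. Two-letter lookalikes (rn -> m, vv -> w) are folded before
    the single-character table is applied.
    """
    ascii_only = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return ascii_only.lower().replace("rn", "m").replace("vv", "w").translate(_CONFUSABLES)


def sender_domain(header_value: str) -> str:
    """Return the domain of the real address in a From: header ('' if none).

    The display name is attacker-controlled, so only the addr-spec is used.
    """
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def classify_sender(header_value: str, known=KNOWN_VENDOR_DOMAINS) -> tuple:
    """Classify a sender as known, lookalike, near-miss, unknown or invalid."""
    domain = sender_domain(header_value)
    if not domain:
        return ("invalid", None)
    if domain in known:
        return ("known", domain)
    sk = skeleton(domain)
    for vendor in sorted(known):
        if skeleton(vendor) == sk:          # confusable-character substitution
            return ("lookalike", vendor)
        # Catch a dropped or doubled letter the skeleton does not fold.
        if difflib.SequenceMatcher(None, domain, vendor).ratio() >= 0.9:
            return ("near-miss", vendor)
    return ("unknown", domain)
```

Any result other than "known" is a reason to confirm a banking change through a phone number already on file, never one taken from the email itself.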
What is the difference between cyber extortion and ransomware?
The terms cyber extortion and ransomware are often used interchangeably because of how closely they are related within cybersecurity. Yet it is crucial to understand that these two interconnected concepts are not the same thing.
- Cyber extortion is an umbrella term encompassing various forms of digital blackmail, where perpetrators demand ransom from the victims to prevent harm or disruption. The harm threatened could be data leakage, system unavailability, exposure to confidential information, etc. Cyber extortion methods include ransomware attacks, DDoS attacks, doxing, and sextortion, among others.
- Ransomware is a specific type of malware and a subset of cyber extortion. In a ransomware attack, malicious software is installed on the victim’s system—often through phishing tactics or exploiting system vulnerabilities. This malware encrypts the victim’s data, rendering it inaccessible. The attackers then promise to provide the decryption key in exchange for payment so the victim can regain access to their data.
In essence, ransomware is a tool or technique that cyber criminals use and represents one of the many strategies under the broader cyber extortion umbrella. All ransomware attacks can be considered a form of cyber extortion, but not all cyber extortion incidents involve ransomware.
While it is good to understand the nuances between cyber extortion and ransomware, we are finding that as cyber insurance policies evolve, many policies use cyber extortion and ransomware interchangeably.
Remember: It is always especially important that you and your clients take a close look at the wording in your policy to understand what exactly is covered under the definitions in the policy. Most importantly, we are here to help!
At Cowbell, we understand the minutiae and nuanced differences between the various types of attacks and their outcomes. To that end, we built highly customized coverages to align directly with both current and emerging threats. The most common coverages under the Cowbell policies that could apply to the cybercrimes mentioned above include:
- Prime 250 – Cowbell breach fund, extortion costs (ransom payments), cybercrime loss (social engineering, reverse social engineering, fraudulent transfer funds), cryptojacking
- Prime 100 – Security breach expense, Extortion threats (malware, DDoS), social engineering, ransom payments, extortion threats, computer and funds transfer
This is part 2 of a three-part blog series about cybercrime. You can read part 1 here. Stay tuned for part 3 next week, where you will learn about the consequences of cybercrimes and how to build a robust defense.