All the Cybersecurity in the world isn't a match for a well timed social engineering attack.

It happens every day, across the country and globe. A well intentioned employee follows your process.  Only this time, they have been tricked.  Screen Shot 2021-08-09 at 10.10.13 PM

Co-authored by Chubb, Gordon Rees Scully Mansukhani, LLP and PaymentWorks, this whitepaper walks through exactly how these fraudsters can get through, even with the most diligent employee efforts.


Email has become an indispensable tool for global businesses, improving efficiency by facilitating nearly instantaneous communication and expediting vital actions about sales, payments and other critical business activities. An estimated 300 billion email messages are exchanged every day by businesses and individuals.

While its speed and ease of access have made email routine and universally accepted, these benefits mask the inherent vulnerability of email and often lull well-intentioned employees into a false sense of security. In reality, even with protections put in place by internal IT departments or outside partners, email remains an unsecured and unreliable technology capable of being hacked, altered and manipulated.

The FBI estimates that cyber criminals stole more than $28 billion through email fraud from 2016-2020, with an average loss per incident of more than $150,000.

This report outlines common types of social engineering schemes, particularly involving payments and suppliers, as well as the technology tools and enhanced procedures that can help employees protect themselves and their companies.