Just when one thought it was safe to go back into the water companies are being victimized by sophisticated and pervasive social engineering fraud attacks.

“Social engineering fraud” is a broad term that generally refers to computer scams used by cybercriminals to trick their victims into transferring confidential information and funds. “Phishing” is the most common form of social engineering fraud for which the fraudster sends an email impersonating a vendor, client or supervisor of the company and advises that banking information for the vendor/client has changed or company funds immediately need to be wired at the “supervisor’s” direction. Such cybercriminals exploit a person’s trust in order to find out their banking details, passwords or other personal data. “Whaling” is another term for such attacks when they are made against the top-level executives of companies—the “whales.”