The hidden cyberthreat: what recruiters must know about social engineering risks
Marsh Commercial • August 6, 2025

In the recruitment industry, trust and confidentiality are the cornerstones of your daily operations. Handling sensitive data - such as CVs, ID documents and banking details - requires vigilance. Unfortunately, cybercriminals are increasingly targeting recruitment agencies, exploiting human vulnerabilities through social engineering tactics.

The rise of social engineering attacks

In 2024, reports indicate a significant surge in phishing and social engineering incidents, with 42% of organisations experiencing such breaches, according to the World Economic Forum’s Cybersecurity Report.[1] Unlike traditional hacking, these scams don’t rely on complex code; instead, they manipulate human behaviour—exploiting urgency, familiarity, and a willingness to help. This makes them particularly difficult to detect in real time.


Why your agency may be a prime target

Recruitment agencies process large volumes of personal data and financial transactions regularly—from payroll to contractor payments. This combination makes your business an attractive and vulnerable target for fraudsters eager to intercept sensitive information or divert funds.


Real-world example

At Marsh Commercial, we frequently encounter these threats, often with devastating consequences. One case involved fraudsters posing as a reputable company, claiming they needed contract staff for a UK market launch. Everything appeared legitimate—interviews, contracts, references—but it was a scam, resulting in substantial financial loss.


Key lessons and preventative measures

  • Exploiting authority and urgency: Scammers often leverage the credibility of well-known brands and create pressure to rush decisions.
  • Remote-only communication: No physical meetings or video calls are arranged, raising suspicion.
  • Recently registered domains: Fake email addresses may mimic authentic brands but are newly created.
  • Fake documentation: Scammers use forged identities and documents that pass basic checks.


Common tactics to watch out for

  • Impersonation of clients or candidates via email to alter bank details.
  • Spoofed messages from directors or colleagues requesting urgent fund transfers.
  • Interception of communication to reroute payments to fraudulent accounts.
  • Cold calls that press for urgent action or offer a quick, convenient fix.

Often, these scams go unnoticed until funds are lost—sometimes days later—making recovery difficult.


Red flags and how to spot a social engineering attempt

Stay vigilant for warning signs such as:

  • Sudden urgency to process payments or onboard candidates.
  • Unusual communication channels (e.g., switching from email to WhatsApp).
  • Lack of in-person or video contact.
  • Requests to change bank details unexpectedly.
  • Recently created or suspicious websites.
  • Discrepancies in company credentials or registration details.


Use tools like Sendmarc, Whois Lookup, ScamAdviser, or Companies House to vet suspicious domains or registrations. Look for incorporation dates, director links to other shell companies, and discrepancies in company credentials.
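As an added illustration (not part of the Marsh Commercial article, and not a substitute for the tools named above), the following Python screener automates two of the checks just described: it reads the registration date out of a WHOIS record and flags a domain registered within the last 90 days, and it flags a sender domain that mimics a client domain the agency already deals with. The WHOIS text and the trusted-client list are constructed sample data; in practice the WHOIS record would come from a Whois lookup.

```python
import difflib
import re
from datetime import date

# Constructed WHOIS output in the common "Creation Date:" line format.
SAMPLE_WHOIS = """Domain Name: EXAMPLE-CLIENT-PAYROLL.COM
Registrar: Example Registrar, Inc.
Creation Date: 2025-07-21T09:14:02Z
Updated Date: 2025-07-21T09:14:02Z
"""
# Constructed record for a long-established domain, for comparison.
OLD_WHOIS = "Domain Name: EXAMPLE-CLIENT.COM\nCreation Date: 2012-03-05T00:00:00Z\n"
# Constructed list of client domains the agency already deals with.
TRUSTED_DOMAINS = ["example-client.com", "another-client.co.uk"]

def creation_date(whois_text):
    """Return the registration date parsed from WHOIS text, or None."""
    m = re.search(r"^Creation Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.M)
    return date.fromisoformat(m.group(1)) if m else None

def lookalike_of(domain, trusted):
    """Return the trusted domain this one mimics (contains or closely
    resembles its name without being it), or None."""
    d = domain.lower()
    if d in trusted:
        return None  # the client's genuine domain
    d_label = d.split(".")[0]
    for t in trusted:
        t_label = t.split(".")[0]
        ratio = difflib.SequenceMatcher(None, d_label, t_label).ratio()
        if t_label in d_label or ratio >= 0.8:
            return t
    return None

def screen_sender(domain, whois_text, trusted, today, max_age_days=90):
    """Return the red flags raised for a sender domain: a registration
    younger than max_age_days, a missing creation date, or a lookalike."""
    flags = []
    created = creation_date(whois_text)
    if created is None:
        flags.append("no creation date in WHOIS record")
    elif (today - created).days < max_age_days:
        flags.append("domain registered %d days ago" % (today - created).days)
    like = lookalike_of(domain, trusted)
    if like:
        flags.append("domain resembles trusted client domain " + like)
    return flags

print(screen_sender("example-client-payroll.com", SAMPLE_WHOIS,
                    TRUSTED_DOMAINS, date(2025, 8, 6)))
```

A domain that raises any flag is a prompt for the manual checks above (incorporation date, director links, a video call), not a verdict on its own.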


Practical steps for due diligence and risk management

  • Verify the digital identity and domain of new clients.
  • Conduct video calls and ID checks, especially for high-value transactions.
  • Utilise third-party platforms such as Trulioo, Entrust, or Thirdfort for background and KYC checks.
  • Consider escrow services or advance payments before committing to payroll or other financial exposures.
  • Train your team using real case studies—phishing isn’t the only threat anymore.

Implement Governance, Risk Management, and Compliance (GRC) protocols, even if your agency is small. Regular red-flag reviews and a designated risk team can prevent catastrophic losses.



Review your insurance cover

Despite best practices, scams can still succeed and can be difficult to stop. It’s crucial to review your cyber insurance policy. Many recruiters assume their cyber insurance protects them from all cyber-related losses, but that’s often not the case.

Here’s what to specifically look for in your policy:

  • Social engineering cover: Protection against losses from deception or impersonation.
  • Crime insurance: Coverage for internal and external fraud.
  • Funds transfer fraud: Protection against unauthorised or manipulated payments.


Stay vigilant and protected

The recruitment process moves fast, and cybercriminals exploit that speed and trust. Invest in team training, verify unusual requests, and consult Marsh Commercial to ensure your cyber coverage is comprehensive.


The TEAM Network is an Introducer Appointed Representative of Marsh Ltd and Marsh Commercial is a trading name of Marsh Ltd. Marsh Ltd is authorised and regulated by the Financial Conduct Authority for General Insurance Distribution and Credit Broking (Firm Reference No. 307511). Copyright © 2025 Marsh Ltd. Registered in England and Wales Number: 1507274, Registered office: 1 Tower Place West, Tower Place, London EC3R 5BU. All rights reserved.


[1] https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf
