CEO Fraud

In this post, we will define what CEO Fraud is, show a few common attack scenarios, provide 4 common clues to look for in a CEO Fraud attack, and provide 5 best practices your company can do to minimize your risk of becoming a victim of CEO Fraud.

What is CEO Fraud?

CEO Fraud is a targeted scam that involves cybercriminals impersonating a company’s senior executive to trick someone into sending wire transfers or confidential information. This type of scam is also known as Business Email Compromise. Before launching these attacks, the cybercriminals research their victims and create spoof company email accounts to send urgent request messages to other individuals in the company, relying on the assumed trust between the victim and their email account.

Why is CEO Fraud Important?

This result of a successful attack can be highly damaging for both the company and its employees. The presence of a CEO or other senior executive as the sender can guarantee that the malicious email gets attention from employees. If employees are unaware of the risks if the email is fake, it could potentially cost the business money and lost data. Many employees do not even hesitate to question a request from their CEO and will fall into the trap of fulfilling the request in the email.  

3 Common attack scenarios of CEO Fraud:

1. A cybercriminal creates an email address that resembles the senior executives’ legitimate one and sends an email to an employee. The email has a sense of urgency and instructs the employee to wire money to a specific account. For example, the Accounting Department receives an email from Chief Operations Officer, Don Dean (don.dean@yourcompany1.com) instructing them to transfer $3,000 to a specific account. The email did not come directly from the COO but the Accounting Department did not realize this and sends the $3,000 transfer to the impersonator.  

2. A cybercriminal targets the Human Resources department to gain employee personal information by sending a fake email that will appear like it is coming directly from the senior executive urgently requesting tax information on employees. The HR representative believes they are sending this information to the senior executive when it is really going to a cybercriminal.

3. A cybercriminal sends a request to a specific employee, after researching the company and its employees, a cybercriminal creates a targeted email to request the employee to buy gift cards for specific amounts with a sense of urgency. For example, an email appears to be sent from a senior executive requesting an employee to purchase 5x $1000 physical Amazon gift cards and send them a picture of the barcodes.

4 Common clues to look for CEO Fraud:

1. The email is very short with a sense of urgency and pressure.
2. The signature says the email was sent from a mobile device.
3. The email is work-related but comes from a personal address, such as @gmail.com or @hotmail.com
4. The tone of the message does not seem the same as the person you know the email is coming from.

5 Tips on how to minimize your risk to CEO Fraud:

1. Educate users to protect against CEO Fraud phishing attacks by introducing user awareness training.
2. Implement standard operating procedures to authenticate email requests for financial or data transactions and encourage employees to question requests that fall out of normal protocols.
3. Implement two-factor authentication to protect against account takeovers.
4. Proper patching system with effective monitoring.
5. Make sure your company has good backups.

CEO Fraud is a scam that impersonates a CEO or senior executive member of a company and tricks employees into sending money or confidential information to a cybercriminal. It is important for companies to train all employees on the concept of CEO Fraud and consider the common clues to look for when identifying a fraudulent email from a senior executive. By minimizing the risks to CEO Fraud, a company can reduce the chances of wrongfully sharing confidential data or sending money to a cybercriminal. If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your IT Partner. If you have fallen victim and a wire transfer was made, report it immediately to your bank and then law enforcement.

At Yardstick we support our clients by reducing IT risks in their business. If you are interested in protecting your business from cyber scams such as CEO Fraud, get in contact with our team to discuss how we can support your company.