What is CEO Fraud?
CEO Fraud is an email-based cyberattack in which attackers impersonate company executives. Spoofed company emails are sent to trick employees into sending confidential information or making wire transfers.
The FBI refers to this type of cyberattack as a “Business Email Compromise” (BEC), which it defines as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
From January 2015 to June 2016, the FBI reported a 1300% rise in losses due to CEO Fraud. These fraudulent transfers have been linked to 79 countries, with most ending up in China and Hong Kong. CEO Fraud has around a 90% success rate because the chances of recovery are small unless it is identified within 24 hours.
Four Types of Attacks
1. Phishing
– Emails are sent to a large number of users to “fish” for confidential information by posing as reputable sources.
– Reputable sources can be: credit card companies, delivery firms, banks.
2. Spear Phishing
– More targeted and focused type of phishing.
– Cybercriminals study a target group and collect online data about them.
– Phishing email is sent to a target group based on a service that they use.
– Email can be personalized with the target’s name.
3. Executive Whaling
– Targets top executives and administrators.
– Strives to get users to send money or to disclose confidential data.
– Key feature of executive whaling: email personalization and detailed knowledge of the executive and the business.
4. Social Engineering
– Uses psychological manipulation to trick people into revealing confidential information or providing access to money.
– Includes mining information from social media sites such as Facebook or LinkedIn.
Beware of CEO Fraud: What is it and How to Detect it
February 02, 2017 9:40:24 PM