Beware of CEO Fraud: What is it and How to Detect it

What is CEO Fraud?

CEO Fraud is an email-based cyberattack in which hackers impersonate company executives. Spoofed company emails are sent to trick employees into sending confidential information or wire transfers. The FBI refers to this type of cyberattack as a “Business Email Compromise” (BEC), which they define as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

From January 2015 to June 2016, the FBI reported a 1300% rise in losses due to CEO Fraud. These fraudulent transfers have been linked to 79 countries, with most ending up in China and Hong Kong. CEO Fraud has around a 90% success rate because the chances of recovery are small unless it is identified within 24 hours.

Four Types of Attacks

1. Phishing
– Emails are sent to a large number of users to “fish” for confidential information by posing as reputable sources.
– Reputable sources can be: credit card companies, delivery forms, banks.

2. Spear Phishing
– A more targeted and focused type of phishing.
– Cybercriminals study a target group and collect online data about them.
– A phishing email is sent to the target group based on a service that they use.
– The email can be personalized with the target’s name.

3. Executive Whaling
– Targets top executives and administrators.
– Strives to get users to send money or to disclose confidential data.
– Key feature of executive whaling: email personalization and detailed knowledge of the executive and the business.

4. Social Engineering
– Uses psychological manipulation to trick people into revealing confidential information or providing access to money.
– Includes mining information from social media sites such as Facebook or LinkedIn.

Five Common Attack Situations

1. Receiving or starting a wire transfer request
– Spoofed emails that appear to come from top executives' email addresses are sent to employees.
– The email includes a message to transfer funds.
– The email looks real as it comes from a correct email address.

2. Executive and attorney impersonations
– Hackers impersonate executives or lawyers dealing with confidential and time-sensitive information.

3. Sending fraudulent emails to a business’ contacts
– Cybercriminals take over an employee’s email account.
– Invoices or other documents can be sent to company suppliers.
– Money can be transferred to fake accounts.

4. Businesses working with a foreign supplier
– Takes advantage of an established wire-transfer relationship with a supplier.
– Asks for funds to be transferred to a different account.

5. Data Theft
– Fraudulent emails request confidential information such as tax forms or company lists.
– Emails come from spoofed executive email accounts and are sent to HR, auditing or accounts departments.

If you would like to learn more about how to protect your organization from CEO fraud, be sure to give us a call.

February 02, 2017 9:40:24 PM

Bill Boisvenue
