CEO Fraud

CEO Fraud is a rapidly growing attack vector taking advantage of employees’ willingness to please the boss. Organizations have already lost billions of dollars to these scams and email security solutions need to be highly sophisticated in order to protect both employees and the business.

What do you do when you get an email from your CEO?

Like most of us, you probably respond very quickly and do your utmost to fulfil whatever their request is efficiently. But what if that request is to transfer $10,000 to a supplier or get to the local Apple store and buy $1,000 worth of iTunes vouchers on the company credit card and send over the codes within the hour? Most people wanting to stay on the good side of the CEO will probably just do as asked without too many questions. However, there’s a growing technique used by hackers known as CEO fraud, whaling, or business email compromise (BEC).

Falling under the category of social engineering, CEO fraud takes advantage of the very human desire to please the boss through CEO impersonation. The target is often the finance team, and the request usually appears completely legitimate and reasonable. The email address used to send the request is usually only a character out (think CEO@censormet.com) and all too easy to mistake for genuine.

According to the FBI, CEO impersonation and similar attacks were up 1,100 percent from 2013 to 2017 and losses in that timeframe totaled $2.9 billion. Clearly, it’s a good way to make a buck or two – and anyone can be a victim.

In 2013, the toymaker Mattel lost over $3 million to this very scam. An email, apparently written by the CEO Christopher Sinclair, requested a vendor in China should be paid, to which the finance executive willingly obliged. The fraudsters knew what they were doing – not only was Sinclair a new CEO stepping in after a period of change, but the request was also made on a Friday before a public holiday on the Monday. While Mattel was able to retrieve the funds, not everyone will be so lucky.

Adaptation

Criminals are having to adapt as employees get wiser to CEO fraud and impersonation scams. One change is shifting malicious links from the body of the email into attachments, or into files in cloud storage that are auto-previewed; this makes the links harder for email filters to block and users more likely to click. Training of employees, while still important, can’t solve the problem on its own. Awareness needs to be combined with an ultra-modern, multi-layered email security solution. Traditional pattern matching or recurrent pattern matching technologies are useless against these attacks; instead, a solution needs to combine content analysis, threat intelligence, and executive name checking.

Content analysis looks out for CEO fraud emails containing phrases like ‘urgent wire transfer’ or similar. While a good first step, it comes with a risk of false positives, meaning genuine urgent wire transfer requests may well be quarantined. Tagging external emails, using executive tracking to look for senior leadership names in header and envelope fields, and keeping a list of nearby domains to check emails against can all help reduce that risk. Link scanning is also still good practice, but given that scammers are now taking links out of the body of emails, you ultimately need a solution that allows for integration and threat sharing across multiple vectors, such as email and web. That means that, should a dodgy link be clicked on, web security can block it from opening and add it to the list of domains to be permanently blacklisted.
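To show how the layers described above fit together, here is an added example (not Censornet’s code, and not a description of any product) that runs four checks over a raw email: external tagging, a nearby-domain check using edit distance, an executive name check on the From and Reply-To headers, and a simple content check for urgent-payment phrasing. The organisation domain, executive list, phrase list and the three sample messages are all constructed for this example. Impersonation signals (a lookalike domain or an executive’s name paired with an outside address) quarantine the message on their own, while urgent wording alone only flags it for review, which is how the false-positive risk of content analysis is kept in check.

```python
import email
from email.utils import parseaddr

# Constructed configuration for this example (hypothetical organisation, not Censornet's).
OUR_DOMAIN = "example.com"
EXECUTIVES = {"christopher sinclair", "jane doe"}  # hypothetical leadership names
URGENT_PHRASES = ("urgent wire transfer", "wire transfer", "gift card",
                  "itunes voucher", "within the hour")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a sending domain one edit away from ours is a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw_message: str) -> dict:
    """Run the layered checks over one plain-text message and return findings plus a verdict."""
    msg = email.message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    # 1. External tagging: anything not sent from our own domain is marked external.
    if from_domain != OUR_DOMAIN:
        findings.append("external")
        # 2. Nearby-domain check: one character out from our domain (e.g. an l swapped for a 1).
        if edit_distance(from_domain, OUR_DOMAIN) == 1:
            findings.append("lookalike-domain")

    # 3. Executive name check: a leadership name in From or Reply-To paired with an outside address.
    for field in ("From", "Reply-To"):
        name, addr = parseaddr(msg.get(field, ""))
        if name.strip().lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != OUR_DOMAIN:
            findings.append(f"exec-name-external:{field.lower()}")

    # 4. Content analysis: the urgent-payment phrasing typical of CEO fraud.
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    if any(phrase in text for phrase in URGENT_PHRASES):
        findings.append("urgent-language")

    # Impersonation signals quarantine on their own; urgent language alone goes to review,
    # so a genuine urgent transfer request is not silently dropped.
    if "lookalike-domain" in findings or any(f.startswith("exec-name-external") for f in findings):
        verdict = "quarantine"
    elif "urgent-language" in findings:
        verdict = "review"
    elif "external" in findings:
        verdict = "deliver-tagged"
    else:
        verdict = "deliver"
    return {"findings": findings, "verdict": verdict}


# Constructed sample messages (not real traffic).
FRAUD = (
    'From: "Christopher Sinclair" <ceo@examp1e.com>\n'
    "Reply-To: ceo@examp1e.com\n"
    "Subject: Urgent\n\n"
    "I need an urgent wire transfer to our new vendor within the hour. Keep this between us.\n"
)
GENUINE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Vendor payment\n\n"
    "Please process the urgent wire transfer to the approved vendor on the PO.\n"
)
SUPPLIER = (
    'From: "Supplier Ltd" <billing@supplier.net>\n'
    "Subject: Invoice 1042\n\n"
    "Please find our monthly invoice attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("fraud", FRAUD), ("genuine", GENUINE), ("supplier", SUPPLIER)):
        print(label, analyse(raw))
```

In a real deployment the executive list would be fed from the directory, the nearby-domain list would be precomputed against registered lookalikes rather than recomputed per message, and the envelope sender (MAIL FROM) would be checked alongside the header From, since the two frequently differ in these scams.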


Criminals are getting savvier and their techniques far more sophisticated. Any email security solution needs to match them.
