CEO fraud is a type of cyber scam in which a criminal spoofs a company email address and impersonates a senior member of an organisation, such as the CEO, in the hope that the employee who receives the email won't realise they aren't in fact talking to the CEO and will action the request: transfer money, click a malicious link or send out confidential information. It is often described as email spoofing and is classed by the FBI as Business Email Compromise (BEC).
A spoofed email address looks exactly like the real person's address, which makes it very hard to identify by eye. An anti-spam filter helps protect your business from receiving this type of email, but it is worth investing in a good solution, as the better the filter the more of these emails it will keep out. Publishing SPF, DKIM and DMARC records for your own domain also gives receiving mail servers a way to reject messages that claim to come from your domain but were not sent by your mail system. Remember that none of these controls is 100% effective and spoofed emails can still reach you. If you have no anti-spam filter in place at all, you are in a vulnerable position.
What is the process?
An attacker will research a company for months to gather the data needed to conduct a convincing attack.
They will also spoof your domain so that they can impersonate the CEO (or other people within the business with decision-making power).
The spam attack
A spoofed email is sent to an employee within the business who has usually been carefully picked out as someone able to make the requested data handover or transaction.
Because these emails look realistic and are marked as high priority, the unsuspecting employee complies, with no suspicion that they are not talking to who they think they are.
If the social engineering succeeds, the criminals get the money or data (usually both) they were after,
resulting in financial loss, serious data breaches, a tarnished reputation and loss of trust from clients and customers.
In more sophisticated cases the criminal compromises an organisation's mailboxes, giving them access to all email and to all data shared in it. They then find a recent invoice sent by a supplier, spoof the supplier's email address and resend the invoice with amended payment details, so the organisation ends up paying the criminal instead of the supplier. Because everything on the invoice except the bank details is genuine, the only tell is the change of account, so any change of payment details should be confirmed with the supplier on a phone number you already hold, not one printed on the new invoice.
How to prevent CEO fraud
Think before you click! Easier said than done when scam emails can be so convincing, but be cautious of time-sensitive requests: pick up the phone and confirm the email with the sender, using a number you already know rather than one given in the email. It's better to be safe than sorry.
If the email address, subject and language are convincing, check other details, such as whether the subject line starts with "FWD" or "RE". Attackers tend to use these to give the impression that their message is part of an earlier conversation, so look for the earlier thread it claims to continue. Being wary of emails sent on Mondays is another pointer: according to Proofpoint, more than 30% of CEO fraud emails are sent on a Monday. Scammers favour Monday mornings because they hope employees are more likely to be fooled after a weekend away from their desks.
Ensure you are using an anti-spam filter, as this greatly reduces the number of spoofed emails arriving in your inbox, but, like anything, it isn't 100% effective, so it is also important to educate yourself on how to spot a phishing email.
Generic spoofed email examples
Below are some broadly written, generic emails of the kind many of us receive daily. If someone spoofed your boss's email address and asked you to action the below, nine times out of ten you'd probably do it straight away without batting an eyelid.
Paying an Invoice
A typical email sent to the finance department. When you action large payments on a daily basis, would you stop and think that this one wasn't real? Or would you?
Login details request
Your boss asks you to send over the login details urgently because she is in a meeting and needs them. Seems legit? Or not legit enough?
Forwarded payment request
A forwarded email asks you to authorise and sort payment of the booklet you've been working on, sending payment to the supplier, because your boss needs this last-minute request actioned. It could be true? Or could it?
Attached CV
CVs are attached and sent to you frequently when you work in HR. You're interested to see whether the candidate could fill the position, so you click on the attached CV. You wouldn't doubt at any point that it is a virus, would you?
The point we are trying to make is that these emails usually appear very real, and if they come from what appears to be your boss's or a colleague's email address you may not identify them as fake. The key is to be vigilant with every email you receive and keep your eye out for typos, a sense of urgency and any out-of-the-ordinary requests.
Similarly, in phishing emails the criminal will often use an address that is merely similar to yours (rather than an exact replica, as in CEO fraud). For example, if your address is usually email@example.com, they might create a lookalike such as firstname.lastname@example.org, which you may not pick up on because it is so similar.
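As an added example (not part of the original article), the Python script below applies the tells described above to a raw message: a subject that claims to continue a thread ("RE"/"FWD") with no thread headers behind it, urgent wording, a Reply-To that points somewhere other than the sender's domain, a sender domain that merely looks like a trusted one, and a failed SPF/DKIM/DMARC result where the receiving server recorded one. The trusted-domain list, the confusable-character table and both sample messages are constructed assumptions for the demonstration, not data from the article.

```python
"""Flag the CEO-fraud / BEC tells discussed above in a raw RFC 5322 message."""
from __future__ import annotations

import difflib
import email
import re
from email import policy
from email.utils import parseaddr

# Domains that genuinely belong to the organisation (and known suppliers).
# Constructed for this example; replace with your own list.
TRUSTED_DOMAINS = {"example.com"}

URGENCY_WORDS = re.compile(
    r"\b(urgent(ly)?|asap|immediately|right away|today|before (the )?close)\b", re.I
)
THREAD_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.I)

# Character pairs attackers swap for ones that look alike at a glance.
# Assumed table; it deliberately errs on the side of flagging.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise_confusables(domain: str) -> str:
    d = domain.lower()
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d


def lookalike_of(domain: str, trusted: set[str]) -> str | None:
    """Return the trusted domain that `domain` imitates, else None
    (None also for an exact match or a genuine subdomain of a trusted domain)."""
    domain = domain.lower()
    if not domain or domain in trusted:
        return None
    norm = normalise_confusables(domain)
    for t in trusted:
        if domain.endswith("." + t):
            return None
        if norm == t:  # exarnple.com -> example.com
            return t
        # One typo away (missing, extra, swapped or transposed character).
        if difflib.SequenceMatcher(None, domain, t).ratio() >= 0.9:
            return t
        # Same registered name under a different TLD (example.org vs example.com).
        if domain.split(".")[0] == t.split(".")[0]:
            return t
    return None


def bec_indicators(raw: str, trusted: set[str] = TRUSTED_DOMAINS) -> list[str]:
    """Return a list of human-readable warnings for the message; empty means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    target = lookalike_of(from_domain, trusted)
    if target:
        findings.append(f"sender domain {from_domain} looks like trusted domain {target}")
    if reply_domain and reply_domain != from_domain:
        findings.append(f"replies go to {reply_domain}, not the sender's domain {from_domain}")

    subject = str(msg.get("Subject", ""))
    if THREAD_PREFIX.match(subject) and not (msg.get("In-Reply-To") or msg.get("References")):
        findings.append("subject claims an existing thread but carries no In-Reply-To/References")

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if URGENCY_WORDS.search(subject + " " + text):
        findings.append("urgent language in subject or body")

    auth = str(msg.get("Authentication-Results", ""))
    if re.search(r"\b(dmarc|spf|dkim)=fail\b", auth, re.I):
        findings.append("email authentication failed: " + auth)
    return findings


# Constructed sample, not a real capture: a "forwarded" invoice from a lookalike domain.
SAMPLE_SPOOF = """\
From: Jane Smith <jane.smith@exarnple.com>
Reply-To: Jane Smith <jane.smith@exarnple.com>
To: accounts@example.com
Subject: FWD: Invoice payment - needs to go today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=exarnple.com
Content-Type: text/plain; charset="utf-8"

Hi, can you action this payment immediately, I'm in a meeting all morning.
Jane
"""

# Constructed sample of a genuine reply in an existing thread.
SAMPLE_LEGIT = """\
From: Jane Smith <jane.smith@example.com>
To: accounts@example.com
Subject: RE: Booklet printing quote
In-Reply-To: <abc123@example.com>
References: <abc123@example.com>
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset="utf-8"

Thanks, the quote looks fine. No rush on this.
"""

if __name__ == "__main__":
    for label, sample in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT)):
        print(label, bec_indicators(sample) or "no indicators")
```

Run it and the spoofed sample produces three warnings (lookalike domain, thread claim without thread headers, urgent language) while the genuine reply produces none. The heuristics are deliberately loose: a genuine domain containing "rn" will be normalised to "m" and may be flagged, which is the right trade-off for a human-review queue but not for automatic blocking.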