CEO fraud is one of the biggest scams targeting CEOs, and it can cost companies thousands of dollars. This type of fraud continues to escalate and has been in the news quite often lately. Thankfully, some arrests have been made, but the consequences are still detrimental. In the latest ICR report, published on April 22, 2019, there were over 20,373 victims, and the amount of money lost was estimated at $1.298 billion!
What is CEO Fraud?
CEO fraud is a scam in which cybercriminals create email accounts that look almost identical to the actual company's and send emails impersonating the CEO or other executives to trick accounting or human resources into transferring funds or sending out confidential information.
This is also known as BEC, which stands for Business Email Compromise, the name the FBI uses for this scam. According to FBI statistics, CEO fraud is now a $12 billion scam. BEC scams were reported in all 50 states and in 150 countries between December 2016 and May 2018 alone. This type of fraud is on the rise globally too, so it’s important you stay alert and ready.
How Does CEO Fraud Work?
According to the FBI, this is the timeline of how a cybercriminal will attack a CEO/Executive:
1. Identify a Target – cybercriminals can take months or years researching a company and its executives, such as the CEO. Organized crime groups target U.S. and European businesses, exploiting the information available online to develop a profile of the company and its executives. In other words, they are researching the company’s website, social media, and anything else they can find!
2. Grooming – this step can occur over a few days or a few weeks! The cybercriminals start creating phishing emails and/or making telephone calls that appear to come from the CEO and target company officials (typically the individual in charge of the finance department, as that is where they get the funds). Don’t think these cybercriminals don’t know how to persuade and pressure you into transferring those funds. They use words that convey urgency, and they know how to manipulate.
*Email from the CEO (the cybercriminal impersonating) to Finance Department saying: “Urgent wire transfer request! Please send $20,000 to a new account with account #12406953-2104.”
*Email from the CEO (the cybercriminal impersonating) to the CFO saying: “Please pay this time-sensitive invoice asap as I’m on vacation and unavailable at this time.”
*Email from CEO (the cybercriminal impersonating) to Human Resources saying: “Need a copy of all employee W-2s for the IRS immediately!”
*Email from CEO (the cybercriminal impersonating) to Marketing Manager saying: “We need to send money for these ads immediately to this agency, please contact them and get this sent over ASAP!”
See how any of these emails, if sent from a CEO-like email address, could be taken as real, and how unfortunate wire transfers and data breaches can occur!
3. Exchange of Information – this timeframe can vary. This is the step where the victim either takes the bait or not. If the victim (typically someone in finance) is convinced that they are conducting a legitimate business transaction, they will reply to the scammer and ask how to make the transaction. This is when the scammer will provide the wiring instructions for the funds.
4. Wire Transfer – this timeframe can vary as well. As you might guess, this step is the actual transfer of funds, with an executive falling victim to this horrible scam. The cybercriminals make sure they have a bank account ready, and the funds are sent to a bank account that is completely controlled by them. This step can actually take place multiple times before the victim realizes they are part of a fraud. Cybercriminals can continue to groom the victim into transferring more and more funds.
How to Not Fall Victim to CEO Fraud?
1) Check message headers and ensure that the message was really sent from an email account that the CEO or manager controls.
2) Verify verbally with the requester before making any financial transactions.
3) If they are asking for gift cards, that’s a dead giveaway.
4) Look for an integrated solution that works with your email system and offers robust security and protection against the number one data breach threat. It should be able to pull in the “wisdom of the crowds” to help identify phishing attempts, and provide an automated way to mitigate current attacks and threats.
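The header check in tip 1 can be partly automated. The following Python sketch is an added example, not part of the original article or any vendor's product; the company domain `example.com`, the 0.8 similarity threshold, the finding labels and both sample messages are assumptions constructed for illustration, and the urgency keywords are taken from the sample emails above.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the organisation's real mail domain
URGENCY = ("urgent", "asap", "immediately", "time-sensitive", "wire transfer", "gift card")

# Constructed sample 1: lookalike domain ("1" for "l") that passes authentication.
LOOKALIKE = """\
From: Jane Doe <jane.doe@examp1e.com>
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Subject: Urgent wire transfer request

Please send $20,000 to a new account.
"""
# Constructed sample 2: the real domain forged in From, replies diverted elsewhere.
SPOOFED = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: jane.doe@mail.example.net
Authentication-Results: mx.example.com; spf=softfail; dkim=none; dmarc=fail
Subject: Invoice

Please pay this time-sensitive invoice asap as I'm on vacation.
"""

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_headers(raw, company_domain=COMPANY_DOMAIN):
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if from_dom != company_domain:
        # A near match to the real domain is more suspicious than an unrelated one.
        near = SequenceMatcher(None, from_dom, company_domain).ratio() >= 0.8
        findings.append("lookalike-domain" if near else "external-sender")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        verdict = re.search(rf"\b{mech}=(\w+)", auth)
        if not verdict or verdict.group(1) != "pass":
            findings.append(f"{mech}-not-pass")
    text = f"{msg['Subject'] or ''} {msg.get_payload()}".lower()
    if any(word in text for word in URGENCY):
        findings.append("urgency-language")
    return findings
```

The first sample shows why authentication results alone are not enough: a lookalike domain registered by the sender can pass SPF, DKIM and DMARC, so the domain comparison is what catches it. Only trust an `Authentication-Results` header added by your own receiving mail server.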
There are platforms out there that provide an integrated solution with Outlook support and offer robust security and protection against data breach threats. To check out one we recommend, see: https://triadanet.com/ironscales-best-antiphishing-software-and-anti-ransomware-software/
What Is Triada Networks Able to Do?
We offer solutions that work with your email system and that will offer security and protection against attacks like CEO fraud. We want to help protect your employees and you as the CEO by implementing some of the best systems and practices out there. Our team here at Triada Networks will help you get set up with our email system by going over it in-depth and answering all your email security questions too. If you are interested in signing up for a free consultation, give us a call at 201-297-7778 or go online here (https://triadanet.com/schedule-a-free-consultation/) and schedule today!
281 Arrested Worldwide in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes. 10 Sept 2019. Department of Justice: Office of Public Affairs. https://www.justice.gov/opa/pr/281-arrested-worldwide-coordinated-international-enforcement-operation-targeting-hundreds
BEC Fraud Losses Grew to $1.3 Billion in 2018: FBI. 24 Apr 2019. Security Week. https://www.securityweek.com/bec-fraud-losses-grew-13-billion-2018-fbi
Business E-mail Compromise. FBI. 27 Feb 2017. https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise.