Cybercrime is the fastest-growing form of criminal activity, and CEO fraud forms a major part of this modern crime. CEO fraud is a type of phishing whereby the would-be cybercriminal or attacker sends an email that elicits a response. Through this response, they can gain the access or information that allows them to misuse your sensitive information.
The aim of the cybercriminal is to gather sensitive information that can then be used to access company data and commit financial fraud. Below are three of the most common forms of CEO fraud that you must be aware of, along with some insight into how you can avoid becoming a victim of this form of phishing online.
Spoofing email addresses
This is one of the most common forms of CEO fraud. The criminal impersonates a legitimate company email address to steal personal data or to ask the recipient to perform specific actions. The emails may use threats and create a sense of urgency to scare the recipient into action. Keep an eye out for modified branding, carefully inspect all URLs, and discard emails with minimal content and numerous links. How deceptive a spoofing attack is depends on how closely the email resembles a genuine one from the spoofed company. Employees must know the genuine company details and branding, and must avoid and report any lookalikes or strange emails with similar branding that claim to come from a CEO or top executive.
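As an added example (not from the original article), here is a minimal mail-filter check for the lookalike senders described above. It flags a message whose display name matches an executive while the address is outside the company domain, or whose sender domain is within two character edits of the company domain. The company domain, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumption: the real company domain
EXECUTIVES = {"jane doe", "john smith"}   # assumption: names of top executives

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return a list of findings for the From header of one raw message."""
    name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain == COMPANY_DOMAIN:
        return findings  # internal sender; header authenticity is left to SPF/DKIM/DMARC
    if " ".join(name.lower().split()) in EXECUTIVES:
        findings.append("executive-display-name-external-domain")
    if edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = 'From: "Jane Doe" <jane.doe@examp1e.com>\nSubject: Urgent payment\n\nPlease act today.'
FREEMAIL = "From: John Smith <ceo.office@mailbox.test>\nSubject: Quick favour\n\nAre you free?"
LEGIT = "From: Jane Doe <jane.doe@example.com>\nSubject: Agenda\n\nSee attached."
VENDOR = "From: Sam Lee <sam@supplier.test>\nSubject: Invoice\n\nThanks."

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("freemail", FREEMAIL),
                       ("legit", LEGIT), ("vendor", VENDOR)]:
        print(label, check_sender(raw))
```

A match is a reason to quarantine or banner the message for review, not proof of fraud: an external contact can share a name with an executive.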
Whaling and Spear phishing
This is where the criminal uses a more targeted approach, using the target's name, position, and some personal details that make the contact seem genuine. Once the victim clicks on the links provided, it is likely they will be losing data and allowing access to cybercriminals. Given the amount of personal data needed to make these attacks look genuine, it is no wonder that they are most popular on social media and on corporate sites, as this is where all the background information can be gathered.
Whaling is a type of phishing attack that involves the harpooning of an executive and then stealing their personal details or login credentials. It is one of the most common and current forms of CEO fraud, where instead of attacking a website, the criminals attack the CEO or another high-profile executive of the company.
The modus operandi is for criminals to source the name and email address of the CEO or a top executive, either by telephone fraud or by simply calling up to inquire whether the name and contact details they currently have are correct. Then an email is sent to the CEO using the details gathered to make it seem genuine, or it is sent to others in the company instructing them to act in a way that unwittingly leads to financial fraud and theft. Once opened or read, unless your company's cyber security is able to defend against it, these emails will allow access at the highest level. Such emails are increasingly sophisticated, more so than the run-of-the-mill bulk emails sent to elicit responses, and as such, they must be understood to be combated effectively.
CEO fraud is one of the most popular phishing methods that cybercriminals now use to target businesses and individuals. Having a clear understanding of what it is should allow you and those in your employ to avoid this scam. If the email is unsolicited and from an unknown sender, then it's best to simply delete it, and if the offer seems too good to be true, it likely is.