What is CEO fraud?
CEO fraud, also known as executive phishing, is an attack in which a hacker impersonates a senior executive within an organization and attempts to dupe employees into providing sensitive company information, sharing account credentials, or transferring funds.
In this type of spear phishing attack, the criminal usually poses as a senior leader within the company and sends an urgent, confidential request to an employee.
Also known as Business Email Compromise, CEO fraud has been labeled by the FBI as a $26 billion scam and affects more than 400 organizations every day. While most CEO fraud attempts are carried out through spear-phishing attacks, hackers also use executive whaling and social engineering techniques to obtain confidential information from unsuspecting individuals.
Examples of CEO fraud
CEO fraud emails often demand urgency and secrecy to convince employees to act without verifying whether a request is legitimate. A successful CEO fraud phishing attack can result in serious financial losses, in addition to large-scale data breaches.
Take Scoular, for example. A grain trading and handling firm, Scoular fell victim to a CEO fraud attack in which a person pretending to be the company’s CEO tricked an employee into transferring $17.2 million to a Shanghai bank account.
The attacker convincingly impersonated the email accounts of the CEO and other relevant parties to make it seem that the transfer was needed to close a crucial deal. Needless to say, Scoular is still recovering from the monumental losses, both to their finances and reputation.
How to prevent CEO fraud
Educating employees on how to spot CEO fraud attempts is a crucial starting point for stopping CEO fraud in its tracks. For further safeguarding, implement anti-spear phishing software that can automatically detect and block suspicious emails, so your employees are never put in a dangerous situation.
Vade’s spear phishing prevention technology uses artificial intelligence, including Anomaly Detection and Natural Language Processing, to identify impersonation attempts and malicious patterns in spear phishing emails.
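As an added illustration (not Vade's technology and not code from this page), the following minimal heuristic scores a message on the signals described above: an executive's name on mail from outside the company domain, urgency and secrecy wording, and a request for funds or credentials. The company domain, executive names, keyword lists, weights and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumed values for this example (not from the page); tune for your organization.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
SECRECY = re.compile(r"\b(confidential|keep this between us|do not discuss|discreet)\b", re.I)
REQUEST = re.compile(r"\b(wire|transfer|payment|bank account|password|credentials|gift cards?)\b", re.I)

# Constructed sample messages (not real mail).
SUSPECT = ("From: Jane Doe <jane.doe@examp1e-mail.test>\nSubject: Urgent wire transfer\n\n"
           "I need this payment sent today. Keep it confidential until the deal closes.\n")
BENIGN = ("From: Jane Doe <jane.doe@example.com>\nSubject: Q3 town hall\n\n"
          "Slides for Thursday are attached.\n")


def normalize(name):
    """Lower-case and collapse punctuation/whitespace so 'Jane  DOE' still matches."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())


def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart bodies are skipped here
    text = f"{msg.get('Subject', '')}\n{body}"
    hits = []
    # Strongest signal: an executive's display name on an outside address.
    if normalize(display) in EXECUTIVES and domain != COMPANY_DOMAIN:
        hits.append(("executive display name from external domain", 3))
    for label, pattern in (("urgency wording", URGENCY),
                           ("secrecy wording", SECRECY),
                           ("request for funds or credentials", REQUEST)):
        if pattern.search(text):
            hits.append((label, 1))
    return sum(w for _, w in hits), [label for label, _ in hits]


if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, score_message(raw))
```

A check like this only covers look-alike senders; a request sent from a genuinely compromised internal mailbox passes the domain test, so out-of-band verification of payment requests is still needed.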