Cyber criminals come up with new scams to dupe users every day. Most employees receive and open email messages on a daily basis, and all a cyber criminal needs is to get a user to click on one email that they shouldn't.
One of the most common email scams that has affected businesses around the world in recent years is CEO fraud. In this article we'll look at what this pernicious scam involves, and how you can help keep your business safe.
CEO fraud is the use of email messages to impersonate a company's CEO in an attempt to dupe employees into giving up money or sensitive information. Similar scams could impersonate another senior member of staff.
Due to the authority possessed by a senior executive, any email sent by them to a member of staff is likely to receive immediate action. An employee will want to appear responsive and quick to help out their company management, so they are likely to spring into action without stopping to think about what they are doing.
The urgency and authority inherent in communications from a senior executive are what make CEO fraud scams so difficult to deal with. It is hard to train users to question a request made by a superior, which is why cyber criminals repeatedly dupe users in companies all across the world with this scam.
Watch this quick video from the BBC showing how attackers leverage stolen credentials on the dark web to send phishing emails from high-level executives.
You'll also see an example taken from usecure's very own uPhish template library.
Training users to deal with requests and emails in the correct manner is key to dealing with CEO fraud scams. If users take the right precautions whenever they receive an urgent or unusual request, it will be much harder for a cyber criminal to slip in an email unnoticed.
It's important that all members of staff in your business know:
Here's an example of a CEO fraud phishing email. In this scam, the sender impersonates the CEO of a company and asks an employee for 'help' while they are out of the office. The 'help' involves making a payment to a new bank account - one controlled by the cyber criminal.
Since a CEO holds authority over the functions of a business, it is likely that employees will promptly carry out any request given to them by the CEO. As such, emails like this have a very high success rate in defrauding companies of their money.
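The warning signs in an email like this can also be checked automatically before it reaches the finance team. The following is an added example, not usecure's code or part of the original article: a small triage function that flags a message and holds it for verification through a separate channel. The executive name, company domain, keyword lists and sample messages are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: one executive name and the company's mail domain.
EXECUTIVES = {"jane doe"}
COMPANY_DOMAIN = "example.com"
URGENCY = re.compile(r"\b(urgent|asap|immediately|right away|today)\b", re.I)
PAYMENT = re.compile(r"\b(payment|transfer|wire|invoice)\b", re.I)
NEW_ACCOUNT = re.compile(r"\b(new|updated|different)\s+(bank\s+)?account\b", re.I)

def ceo_fraud_flags(raw_message):
    """Return the warning signs found in one plain-text email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        flags.append("executive name on external address")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        flags.append("reply-to domain differs from sender")
    if URGENCY.search(text):
        flags.append("urgency language")
    if PAYMENT.search(text) and NEW_ACCOUNT.search(text):
        flags.append("payment to a new account")
    return flags

def needs_out_of_band_check(raw_message):
    """Hold the message until the request is confirmed by phone or in person."""
    flags = ceo_fraud_flags(raw_message)
    # A payment-detail change is held even from a genuine internal address,
    # because a mailbox taken over with stolen credentials passes sender checks.
    return "payment to a new account" in flags or len(flags) >= 2

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@example.net>\nReply-To: jd@example.org\n"
           "Subject: Urgent request\n\nI'm out of the office. Please make a "
           "payment today to our supplier's new bank account.\n")
COMPROMISED = ("From: Jane Doe <jane.doe@example.com>\nSubject: Supplier\n\n"
               "Please transfer the invoice amount to the updated account.\n")
BENIGN = ("From: Jane Doe <jane.doe@example.com>\nSubject: Board pack\n\n"
          "Slides for Thursday are attached.\n")
```

The second sample comes from the executive's real address, so only the content rule catches it; keyword rules like these support staff verification and do not replace it.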
Any employee can be at risk of falling for a CEO fraud scam, but there are actions you can take to significantly reduce the risk factor in your company. With the proper technological safety measures, training courses and testing solutions, employees will be far less likely to fall for phishing emails.
CEO fraud has a high success rate in defrauding companies of all sizes due to its authority-driven nature. Without the right training and testing solutions being implemented in a business, it is only a matter of time before an employee falls victim.
Regular security awareness training and phishing simulations can help save your business time and money that would otherwise be spent on dealing with breaches, and protect your business' reputation in the long term.