
CEO Fraud Prevention: 3 Effective Solutions

  • 14 January 2021


CEO fraud is a type of cybercrime in which the attacker impersonates a CEO or other company executive. The fraudster will most often use the CEO’s email account — or an email address that looks very similar to the CEO’s — to trick an employee into transferring them money.

That means that, like other types of Business Email Compromise (BEC), CEO fraud attacks are hard for both employees and legacy controls such as Secure Email Gateways (SEGs) to spot: a typical CEO fraud email carries no malware and no malicious link, just a plausible request from the boss. But there are still ways to prevent successful CEO fraud attacks.

The key? Take a more holistic approach by combining training, policies, and technology.

If you want to learn more about BEC before diving into CEO fraud, you can check out this article: Business Email Compromise: What it is and How it Happens. You can also get an introduction to CEO Fraud in this article: What is CEO Fraud?

1. Raise employee awareness

Security is everyone’s responsibility. That means everyone, regardless of department or role, must understand what CEO fraud looks like. Using real-world examples to point out common red flags can help.

An example of CEO fraud that uses seniority and urgency to motivate the target to make a wire transfer.

It’s important to point out the lack of spelling errors. Poor spelling and grammar can still be a phishing indicator, but today’s more sophisticated attackers rarely make such mistakes, so a clean, well-written email is no evidence that it is genuine.

Also, notice the personal touches: Sam’s familiar tone, his reference to Kat working from home, and his casual email sign-off. Fraudsters go to great lengths to research both the executive they impersonate and the employee they target, whether by compromising accounts or simply by mining publicly available information.

These persuasive elements aside, can you spot the red flags? Let’s break them down:

  1. The sender’s email address: The domain name is “abdbank.com”, a lookalike of abcbank.com that is easy to miss, especially on a mobile screen. Registering a lookalike domain is a common CEO fraud tactic, and because the attacker owns that domain, its mail can pass SPF, DKIM and DMARC checks: those protocols authenticate the sending domain, not whether it is the domain you expected.
  2. The sense of urgency: The subject line, the ongoing meeting, the late invoice. Creating a sense of urgency is near-universal in social engineering attacks. Panicked people make poor decisions.
  3. The authoritative tone: “Please pay immediately”: there’s a reason cybercriminals impersonate CEOs — they’re powerful, and people tend to do what they say.
  4. Playing on the target’s trust: “I’m counting on you”. Everyone wants to be chosen to do the boss a favor.
  5. Westinghouse’s “new account details”: CEO fraud normally involves “wire transfer phishing” — this new account is controlled by the cybercriminals.

Your cybersecurity staff training program should educate employees on how to recognize CEO fraud, and what to do if they detect it.

  • Check the sender’s email address, not just the display name, for discrepancies. A lookalike domain is a dead giveaway of email impersonation. But remember that a legitimate corporate address can also be spoofed or taken over, in which case the address checks out and the request is still fraudulent.
  • Feeling pressured? Take a moment. Is this really something the CEO is likely to request so urgently?
  • New account details? Always verify the payment out of band. Call the requester or the supplier on a number you already have on file, never one supplied in the email, and don’t pay an invoice unless you know the money’s going to the right place.
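The address check in the first bullet can be automated at the gateway or in a mail rule rather than left to the reader. The following Python script is an added example, not Tessian’s code: it takes a From: header, extracts the domain from the real address rather than the display name, folds common confusable characters, and compares the result against a list of protected domains with edit distance. The protected domains, the confusable table and the sample addresses are assumptions constructed for the example.

```python
"""Lookalike-domain check for the sender address of an inbound email.

Added example, not Tessian's code. PROTECTED_DOMAINS, CONFUSABLES and the
sample addresses are all constructed for the demonstration.
"""
import re
import unicodedata

# Domains we never expect to see imitated: our own and a key supplier (constructed).
PROTECTED_DOMAINS = {"abcbank.com", "westinghouse-supplies.com"}

# Glyphs attackers swap in for ASCII letters; a small hand-picked table, not a
# complete Unicode confusables list. Two-character keys come first on purpose.
CONFUSABLES = {
    "rn": "m", "vv": "w",            # ASCII pairs that render like one letter
    "0": "o", "1": "l",              # digits standing in for letters
    "\u0430": "a", "\u0435": "e",    # Cyrillic a, e
    "\u043e": "o", "\u0456": "i",    # Cyrillic o, i
    "\u04cf": "l",                   # Cyrillic palochka
}


def normalize(domain: str) -> str:
    """Lower-case, NFKC-fold and collapse confusable glyphs, so that
    'abcbаnk.com' with a Cyrillic а compares equal to 'abcbank.com'."""
    d = unicodedata.normalize("NFKC", domain.strip().lower())
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance with single-character insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Domain of the real address, never of the display name:
    'Sam Jones <sam@abdbank.com>' -> 'abdbank.com'."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[-1].lower()


def _result(domain, target, distance, verdict, reason):
    return {"domain": domain, "target": target, "distance": distance,
            "verdict": verdict, "reason": reason}


def lookalike_verdict(from_header: str, protected=PROTECTED_DOMAINS,
                      max_distance: int = 2) -> dict:
    """Classify the sender domain as protected, lookalike or unrelated."""
    dom = sender_domain(from_header)
    if dom in protected:
        return _result(dom, dom, 0, "protected", "exact")

    norm = normalize(dom)
    target, distance = min(((p, levenshtein(norm, normalize(p))) for p in protected),
                           key=lambda t: t[1])
    if distance == 0:  # differs only in confusable glyphs
        return _result(dom, target, 0, "lookalike", "confusable-characters")

    # Subdomain abuse such as abcbank.com.evil-host.net: the protected name is
    # present, but edit distance alone would call the domain unrelated.
    embedded = next((p for p in protected if normalize(p) in norm), None)
    if embedded:
        return _result(dom, embedded, levenshtein(norm, normalize(embedded)),
                       "lookalike", "embedded-protected-domain")

    if distance <= max_distance:  # abdbank.com, abcbank.co, abc-bank.com
        return _result(dom, target, distance, "lookalike", "edit-distance")
    return _result(dom, target, distance, "unrelated", "no-match")


if __name__ == "__main__":
    for hdr in ["Sam Jones <sam@abdbank.com>", "sam@abcbank.com",
                "x@abcb\u0430nk.com", "sam@abcbank.com.evil-host.net",
                "noreply@gmail.com"]:
        print(hdr, "->", lookalike_verdict(hdr))
```

An edit-distance threshold of 2 will also catch unrelated near neighbours of very short domains, so in practice the threshold is tuned per domain length and the verdict feeds a warning banner or quarantine rather than a hard block. The check also says nothing about a genuine abcbank.com address that has been taken over; that case needs the behavioural signals discussed later in the article.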

Looking for a resource that you can share with your employees? We put together an infographic outlining how to spot a spear phishing email.

While these are important lessons for your employees, there’s only so much you can achieve via staff training. Humans are often led by emotion, and they’re not good at spotting the small giveaways that might reveal a fraudulent email. Sometimes, even security experts can’t!

More on this here: Pros and Cons of Phishing Awareness Training

2. Implement best cybersecurity practice

Beyond staff training, every thriving company takes an all-round approach to cybersecurity that minimizes the risk of serious fallout from an attack.

Here are some important security measures that will help protect your company’s assets and data from CEO fraud:

  • Put a system in place so employees can verify large and non-routine wire transfers, and any change to a payee’s bank details, ideally by phone on a number already on file rather than one given in the request
  • Protect corporate email accounts and devices using multi-factor authentication (MFA)
  • Ensure employees use strong, unique passwords, and reset them promptly whenever compromise is suspected rather than on a fixed schedule
  • Register domains that are similar to your company’s brand name (common misspellings and other top-level domains) before a fraudster does, and publish SPF, DKIM and DMARC records so your real domain cannot simply be spoofed
  • Regularly patch all software
  • Closely monitor financial accounts for irregularities such as missing deposits
  • Deploy an email security solution

All the above points are crucial cybersecurity controls. But let’s take a closer look at that final point — email security solutions.

3. Deploy intelligent inbound email security

Because CEO fraud attacks overwhelmingly take place via email (along with 96% of all phishing attacks), installing email security software is one of the most effective steps you can take to prevent this type of cybercrime.

But not just any email security solution.

Legacy solutions like SEGs and spam filters, and Microsoft’s and Google’s native tools, generally can’t spot sophisticated attacks like CEO fraud. Why? Because they rely almost entirely on domain authentication and payload inspection. A CEO fraud email typically carries no malicious payload to inspect (no malware attachment, no phishing link, just a request to pay), and if it is sent from a lookalike domain the attacker registered, domain authentication passes. Social engineering attacks like CEO fraud easily evade these mechanisms.

Tessian is different.  

Tessian Defender uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of signals indicative of CEO fraud.

  1. Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization.
  2. Tessian inspects both the content and metadata of inbound emails for signals suggestive of CEO fraud: for example, suspicious payloads, anomalous geographic locations, out-of-the-ordinary IP addresses and email clients, keywords that suggest urgency, or unusual sending patterns.
  3. Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language.
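The three steps above amount to a baseline of trusted relationships plus a set of per-message signals. The script below is an added example written to illustrate that idea, not Tessian Defender’s code: it builds a recipient-to-known-senders map from a constructed mail history, then scores an inbound message for a first-contact sender, an executive’s display name on a foreign address, a Reply-To that diverges from From, and urgency and payment language. The history, directory, keyword patterns and weights are all invented for the demonstration; the weighting reflects one design choice, that content cues alone from a known sender should not trigger a warning.

```python
"""Score an inbound email against a recipient's trusted-sender baseline.

Added example, not Tessian Defender's code. HISTORY, EXECUTIVES, the keyword
patterns and WEIGHTS are constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed (sender, recipient) pairs of the kind mined from past mail flow.
HISTORY = [
    ("sam.jones@abcbank.com", "kat.lee@abcbank.com"),
    ("sam.jones@abcbank.com", "kat.lee@abcbank.com"),
    ("billing@westinghouse-supplies.com", "kat.lee@abcbank.com"),
    ("hr@abcbank.com", "kat.lee@abcbank.com"),
]

# Constructed directory of people an attacker would want to impersonate.
EXECUTIVES = {"sam.jones@abcbank.com": "Sam Jones"}

# Content cues. Deliberately low weight: a genuine CEO also writes "urgent".
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today|end of (the )?day)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|new (bank |account )?details|account (number|details)|iban|routing)\b", re.I)

# Relationship and header anomalies carry most of the weight.
WEIGHTS = {
    "first-contact sender": 2,
    "executive name on foreign address": 3,
    "reply-to mismatch": 3,
    "urgency language": 1,
    "payment or account-change language": 1,
}


@dataclass
class Message:
    from_header: str
    to: str
    subject: str
    body: str
    reply_to: str = ""


def build_baseline(history):
    """recipient -> set of sender addresses that recipient has heard from before."""
    trusted = {}
    for sender, rcpt in history:
        trusted.setdefault(rcpt.lower(), set()).add(sender.lower())
    return trusted


def score_message(msg: Message, trusted: dict, executives=EXECUTIVES) -> dict:
    signals = []
    name, addr = parseaddr(msg.from_header)
    addr = addr.lower()

    # 1. Relationship anomaly: this recipient has never received mail from this address.
    if addr not in trusted.get(msg.to.lower(), set()):
        signals.append("first-contact sender")

    # 2. Display-name impersonation: an executive's name on an address that is not theirs.
    by_name = {n.lower(): a for a, n in executives.items()}
    if name.lower() in by_name and by_name[name.lower()] != addr:
        signals.append("executive name on foreign address")

    # 3. Replies redirected away from the apparent sender (typical when From: is spoofed).
    if msg.reply_to and parseaddr(msg.reply_to)[1].lower() != addr:
        signals.append("reply-to mismatch")

    # 4. and 5. Content cues from subject and body.
    text = f"{msg.subject}\n{msg.body}"
    if URGENCY.search(text):
        signals.append("urgency language")
    if PAYMENT.search(text):
        signals.append("payment or account-change language")

    score = sum(WEIGHTS[s] for s in signals)
    verdict = "warn" if score >= 4 else "review" if score >= 3 else "ok"
    return {"score": score, "signals": signals, "verdict": verdict}


def analyze(msg: Message) -> dict:
    """Score against the baseline built from the constructed HISTORY."""
    return score_message(msg, build_baseline(HISTORY))


if __name__ == "__main__":
    fraud = Message(
        from_header="Sam Jones <sam@abdbank.com>",
        to="kat.lee@abcbank.com",
        subject="URGENT: late Westinghouse invoice",
        body="Kat, I'm in meetings all afternoon. Please pay immediately using "
             "the new account details below. I'm counting on you. Sam",
    )
    print(analyze(fraud))
```

With these weights the article’s sample email scores 7 and is warned on, a real message from the CEO’s own address asking for a routine wire today scores 2 and passes, and a never-seen supplier announcing new bank details lands in “review”, which matches the training advice to verify any change of account out of band. A production system learns the weights and keyword lists from labelled mail rather than hand-setting them, and it keeps the baseline per recipient because the same external sender can be routine for accounts payable and anomalous for everyone else.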

Click here to learn more about how Tessian Defender protects your team from CEO fraud and other email-based cybersecurity attacks. You can also explore our customer stories to see how they’re using Tessian Defender to protect their people on email and prevent social engineering attacks like CEO Fraud.
