CEO fraud is a type of cybercrime in which the attacker impersonates a CEO or other company executive. The fraudster will most often use the CEO’s email account — or an email address that looks very similar to the CEO’s — to trick an employee into transferring them money.
This is one type of Business Email Compromise (BEC) — a serious cybersecurity threat that costs businesses billions each year. In this article, we’ll be talking you through the steps you can take to prevent successful CEO Fraud attacks on your organization.
If you want to learn more about BEC before diving into CEO fraud, you can check out this article: Business Email Compromise: What it is and How it Happens. You can also get an introduction to CEO Fraud in this article: What is CEO Fraud?
1. Raise employee awareness
Cybersecurity leaders know that security is everyone’s responsibility. Your whole team must understand what CEO fraud looks like. Staff training reduces (but does not eliminate) the likelihood that your employees will fall victim to an attack.
So how will employees know when a CEO fraud attack is underway? Let’s look at an example of a CEO fraud email and identify some tell-tale signs that it’s a scam.
First, note the lack of spelling errors. Poor spelling and grammar can be a phishing indicator, but it is increasingly unlikely in today’s more sophisticated cybercrime environment.
Also, notice the personal touches — Sam’s familiar tone, his references to Kat working from home, and his casual email sign-off. Fraudsters go to great efforts to research their subjects and their targets, whether via hacking or simply using publicly available information (for example, social media).
These persuasive elements aside, can you spot the red flags? Let’s break them down:
The sender’s email address: The domain name is “abdbank.com” (which looks strikingly similar to abcbank.com, especially on mobile). Domain impersonation is a common tactic for CEO fraudsters.
The sense of urgency: The subject line, the ongoing meeting, the late invoice. Creating a sense of urgency is near-universal in social engineering attacks. Panicked people make poor decisions.
The authoritative tone: “Please pay immediately”: there’s a reason cybercriminals impersonate CEOs — they’re powerful, and people tend to do what they say.
Playing on the target’s trust: “I’m counting on you”. Everyone wants to be chosen to do the boss a favor.
Westinghouse’s “new account details”: CEO fraud normally involves “wire transfer phishing” — this new account is controlled by the cybercriminals.
Your cybersecurity staff training program should educate employees on how to recognize CEO fraud, and what to do if they detect it.
Check the sender’s email address for discrepancies. This is a dead giveaway of email impersonation. But remember that corporate email addresses can also be hacked or spoofed.
Feeling pressured? Take a moment. Is this really something the CEO is likely to request so urgently?
New account details? Always verify the payment. Don’t pay an invoice unless you know the money’s going to the right place.
Looking for a resource that you can share with your employees? We put together an infographic outlining how to spot a spear phishing email.
While these are important lessons for your employees, there’s only so much you can achieve via staff training. Humans are often led by emotion, and they’re not good at spotting the small giveaways that might reveal a fraudulent email. Sometimes, even security experts can’t!
More on this here: Pros and Cons of Phishing Awareness Training.
2. Implement best cybersecurity practice
Beyond staff training, every thriving company takes an all-round approach to cybersecurity that minimizes the risk of serious fallout from an attack.
Here are some important security measures that will help protect your company’s assets and data from CEO fraud:
Put a system in place so employees can verify large and non-routine wire transfers, ideally via phone.
Protect corporate email accounts and devices using multi-factor authentication (MFA).
Ensure employees maintain strong passwords and change them regularly.
Buy domains that are similar to your company’s brand name to prevent domain impersonation.
Regularly patch all software.
Closely monitor financial accounts for irregularities such as missing deposits.
Use email security software.
All the above points are crucial cybersecurity controls. But let’s take a closer look at that final point — email security software.
3. Use email security software
Because CEO fraud attacks overwhelmingly take place via email (along with 96% of all phishing attacks), installing email security software is one of the most effective steps you can take to prevent this type of cybercrime.
Social engineering attacks like CEO fraud take advantage of people’s trust, anxieties, and deference to authority. These are fundamentally human qualities — even the most tech-savvy companies fall victim to social engineering attacks.
Here’s how the email security software product Tessian solves the problem of CEO fraud:
Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization.
Tessian inspects both the content and metadata of inbound emails for any signals suggestive of CEO fraud. Examples include suspicious payloads, anomalous geographic locations, out-of-the-ordinary IP addresses and email clients, keywords that suggest urgency, and unusual sending patterns.
Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language.
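The red flags walked through in section 1 (lookalike sender domain, an executive’s name on an unexpected address, urgency language, new account details) and the content signals listed above can be expressed as a simple scoring heuristic. The following is an added illustration, not Tessian’s code or the page’s own; the trusted domain, executive list, keyword lists and the two sample emails are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organization's own domain and its executives
# (display name -> the address that name legitimately sends from).
TRUSTED_DOMAIN = "abcbank.com"
EXECUTIVES = {"sam jones": "sam.jones@abcbank.com"}
URGENCY = ("immediately", "urgent", "asap", "right away", "today")
PAYMENT = ("wire", "transfer", "invoice", "new account", "account details")

def levenshtein(a, b):
    """Edit distance; used to catch one-character domain swaps like abd/abc."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_domain(domain):
    """True when the domain is not ours but is within two edits of it."""
    d = domain.lower()
    return d != TRUSTED_DOMAIN and levenshtein(d, TRUSTED_DOMAIN) <= 2

def score_email(raw):
    """Return the list of CEO-fraud red flags found in one RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    flags = []
    if lookalike_domain(domain):
        flags.append("lookalike sender domain: " + domain)
    key = re.sub(r"\s+", " ", name.strip().lower())
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        flags.append("executive display name with unexpected address")
    if any(k in text for k in URGENCY):
        flags.append("urgency language")
    if any(k in text for k in PAYMENT):
        flags.append("payment or new account details")
    return flags

# Constructed sample messages modelled on the example discussed in section 1.
FRAUD = """From: Sam Jones <sam.jones@abdbank.com>
Subject: Urgent: Westinghouse invoice

Kat, I'm stuck in a meeting. Please pay the Westinghouse invoice immediately
to their new account details below. I'm counting on you.
Sam
"""
LEGIT = """From: Sam Jones <sam.jones@abcbank.com>
Subject: Lunch

Kat, are you free for lunch on Thursday?
Sam
"""
```

A real deployment would add the metadata checks the page mentions (sending IP, client, timing) and treat any flagged message as a prompt for out-of-band verification, not as proof of fraud.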
Click here to learn more about how Tessian Defender protects your team from CEO fraud and other email-based cybersecurity attacks. You can also explore our customer stories to see how they’re using Tessian Defender to protect their people on email and prevent social engineering attacks like CEO Fraud.