CEO fraud is a type of cyberattack in which a fraudster impersonates a company executive via email. This could be your CEO, CFO, Head of HR — or anyone with the power to ask employees to make payments.
Typically, the attacker targets an employee at the victim organization and tricks them into transferring money to an account the attacker controls.
A CEO fraud email will usually urgently request the employee to pay a supplier’s “invoice” using new account details. Cybercriminals use sophisticated techniques and meticulous research to make the attack as persuasive as possible.
Why do cybercriminals impersonate CEOs and other high-level executives? Two reasons:
There’s some confusion about CEO fraud and how it relates to other types of cybercrime. Let’s clear a few things up before looking at CEO fraud in more detail.
CEO fraud is related to the following types of cybercrime:
CEO fraud is not to be confused with “whaling”: a phishing attack where the cybercriminal targets — rather than impersonates — a CEO or other senior company employee.
More on that in this article: Whaling: Examples and Prevention Strategies.
There are three main ways cybercriminals can compromise a CEO’s email account:
A CEO fraud attack usually involves one of the following types of cybercrime:
Like all social engineering attacks, CEO fraud attacks exploit people’s feelings of trust and urgency. When the CEO is “in a meeting” or “at a conference” and needs an urgent favor, employees don’t tend to second-guess them.
Here’s how a CEO fraud email might look. Now, for the sake of the example, imagine your boss is Thomas Edison. Yes, that Thomas Edison.
There are a few things to note about this CEO fraud email:
There’s one more thing to note about the email above. Look at the display name — it’s “Thomas Edison”. But anyone can choose whatever email display name they want. Mobile email apps don’t show the full email address, leaving people vulnerable to crude “display name impersonation” attacks.
That’s why it’s so important to examine the sender’s email address and make sure it matches the display name. Remember: on mobile, you’ll have to take an extra step to view the email address. But, it’s worth it.
It’s important to note that the difference between the display name and the email address won’t always be easy to spot. Why? Because fraudsters can create look-alike email addresses via “domain impersonation”. Let us explain.
An email domain is the part of the email address after the “@” sign. A cybercriminal impersonating Bill Gates, for example, might purchase a domain such as “micros0ft.com” or “microsoft.co”.
Likewise, using “freemail impersonation”, a less sophisticated attacker might simply set up an email account with any free email provider using the CEO’s name (think “[email protected]”).
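The three impersonation patterns described above (display-name, domain and freemail impersonation) can each be checked mechanically on an inbound message's From header. The following is an added example, not Tessian's code or product logic: it assumes a hypothetical organisation domain `example.com`, a hypothetical executive list, and constructed sample headers, and classifies each header as internal, external or suspicious with the reasons it found.

```python
"""Flag display-name, domain and freemail impersonation in a From: header.

Added example (not Tessian's code). Assumes a hypothetical protected
organisation (example.com), a hypothetical list of executive names, and
constructed sample headers; adjust the sets below for a real deployment.
"""
from email.utils import parseaddr

# Constructed configuration for the example: the organisation's own
# domains, executive names as they appear in display names, and a few
# well-known free-mail providers. All values are hypothetical.
ORG_DOMAINS = {"example.com"}
EXECUTIVES = {"thomas edison", "jane doe"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "protonmail.com"}

# Characters attackers swap for visually similar ones (e.g. micros0ft.com).
HOMOGLYPHS = str.maketrans("0135", "olse")


def _normalise(label: str) -> str:
    """Fold common look-alike substitutions so 'examp1e' and 'rnicrosoft'
    compare equal to the genuine spelling."""
    return label.lower().replace("rn", "m").replace("vv", "w").translate(HOMOGLYPHS)


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _is_internal(domain: str) -> bool:
    """True for the organisation's domains and their subdomains."""
    return any(domain == org or domain.endswith("." + org) for org in ORG_DOMAINS)


def _lookalike(domain: str, org: str) -> bool:
    """Does the sender's domain imitate an organisation domain?
    Catches homoglyph swaps (micros0ft.com), TLD swaps (microsoft.co) and
    single-character typos. Edit distance is only applied to labels of six
    or more characters so that short, unrelated names are not flagged."""
    if not domain or domain == org:
        return False
    d_label, o_label = domain.split(".")[0], org.split(".")[0]
    if _normalise(d_label) == _normalise(o_label):
        return True
    return len(o_label) >= 6 and _edit_distance(d_label, o_label) <= 1


def classify(from_header: str) -> dict:
    """Return {"verdict": internal|external|suspicious, "reasons": [...]}."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    name_norm = " ".join(name.lower().split())
    reasons = []

    if _is_internal(domain):
        return {"verdict": "internal", "reasons": reasons}

    # Display name matches an executive but the address is not ours.
    if name_norm in EXECUTIVES:
        if domain in FREEMAIL:
            reasons.append("freemail impersonation: executive name on a free-mail address")
        else:
            reasons.append("display-name impersonation: executive name on an external address")

    for org in ORG_DOMAINS:
        if _lookalike(domain, org):
            reasons.append(f"domain impersonation: {domain} resembles {org}")
            break

    return {"verdict": "suspicious" if reasons else "external", "reasons": reasons}


# Constructed sample headers covering the genuine case and each pattern.
SAMPLE_HEADERS = [
    "Thomas Edison <thomas.edison@example.com>",   # genuine internal sender
    "Thomas Edison <thomas.edison@gmail.com>",     # freemail impersonation
    "Thomas Edison <t.edison@examp1e.com>",        # display name + look-alike domain
    "Accounts Payable <ap@example.co>",            # look-alike domain only
    "Jane Smith <jane@partner-corp.test>",         # ordinary external sender
]


def triage(headers):
    """Classify each header; returns a mapping of header -> result."""
    return {h: classify(h) for h in headers}


if __name__ == "__main__":
    for header, result in triage(SAMPLE_HEADERS).items():
        print(f"{result['verdict']:10} {header}")
        for reason in result["reasons"]:
            print(f"           - {reason}")
```

The display-name check only fires when the address is external, which is why a genuine executive mailing from a subdomain of the organisation is not flagged; the look-alike check runs on every external sender, since a spoofed finance or vendor mailbox on a typosquatted domain carries no executive name at all.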
It’s undeniable that cybercrime is on the increase. FBI statistics show that the total losses from cybercrime rose from $1.5 billion in 2016 to $4.3 billion in 2020. Business Email Compromise (BEC) has also “increased, grown in sophistication, and become more targeted” due to the COVID-19 pandemic, according to Interpol.
But what about CEO fraud itself? CEO fraud once dominated the cybercrime landscape. However, there is some evidence that cybercriminals are moving away from CEO fraud and towards a broader range of more sophisticated social engineering attacks.
The FBI’s Internet Crime Complaint Center (IC3) estimates the global losses associated with BEC at over $28 billion in the period from 2016-20 and cites a 61% increase in BEC incidents over the same period.
But this figure doesn’t distinguish CEO fraud from other types of BEC. The IC3’s 2019 cybercrime report suggests that, while CEO fraud previously dominated BEC, cybercriminals now impersonate a broader range of actors, including vendors, lawyers, and payroll departments.
But CEO fraud is still a big deal. In December 2020, the Bank of Ireland warned of an increase in Brexit-related CEO fraud attacks. The bank’s staff were reportedly dealing with two to three CEO fraud attacks per week, with some attacks compromising millions of euros.