We’ve talked about the dangers of CEO Fraud in the past. This fraud involves a criminal impersonating a company’s CEO. Often, the impersonator requests a transfer of money to complete a time-sensitive deal.
These attacks are very different than the poorly-crafted malware emails that land in your inbox every week; they are meticulously planned, often using inside information provided to the perpetrator. They can seem legitimate if a person doesn’t stop to think whether the request is out of character. They can use any combination of text messages, emails, and phone calls, and often include information that “only the CEO” would know. An example of an actual email chain (with names redacted) that resulted in a transaction is shown here.
It takes a lot of time to plan an attack like this. The reason people do it is that the payday can be so large. A single credit card number is only worth a few dollars on the black market. A single CEO fraud is worth tens of thousands of dollars, because that’s typically how much they request to be transferred.
Some crimes are more brazen. In late 2016, a wire manufacturer in Germany named Leoni disclosed that they had lost €40 million (around $48 million) to a single CEO fraud scam. Others involve sensitive data rather than cash. The IRS recently sent out a warning to payroll and HR professionals about a CEO fraud happening during tax season, where an email requested W-2s for review prior to being sent to employees. Falling prey to this would have resulted in every employee’s sensitive financial data being shared, which would be devastating to a company’s reputation, especially with its own employees.
You may have heard about these types of stories and the importance of being cautious so many times that it now seems like background noise. Don’t let that happen. Stay vigilant and encourage your employees to do the same. As we’ve written before, cyber attack prevention starts with user training, and the stakes are high if you get hit by CEO fraud.
To learn how WingSwept’s Managed Service offering can help keep your network secure from malware and other attacks, contact us at 919-779-0954 or at Team_WingSwept@WingSwept.com.