Cybercriminals’ tactics are becoming increasingly sophisticated, with a significant rise in email phishing scams, particularly over the past five years. One such tactic is known as ‘CEO fraud’, or “Business Email Compromise’, and is a phishing campaign that could potentially cost your business a lot of money.
CEO fraud occurs when cybercriminals hack the email account belonging to the CEO of the company, using it to contact employees of the company, requesting the transfer of funds. The criminals usually target finance, HR, IT, the executive team, and departments with financial authority. CEO fraud is a sophisticated scam and not always easy to spot, which is why awareness and training is key.
There are several steps companies can take to limit the damage of a CEO fraud phishing attack.
Check and verify sender address
Always check where the email originated. Fraudsters may change the name associated with an email account so that it appears to be from your CEO; the true address will be displayed by hovering over or clicking the sender’s name. Even if the address appears to be correct, make sure you follow all internal processes regarding transactions.
If you are at all unsure about a transaction, call the assumed sender to verify.
Review internal policies regarding the initiation of transactions, ensuring such transactions are regarded as high-risk processes. Teach staff how to spot fraud and report it, and provide a point of contact in case of any queries.
Keep your software up-to-date and set alerts to inform you if your system has been compromised. Anti-fraud software can help assess risks and detect fraud, and is a valuable tool to implement alongside other approaches.
Be wary of urgent transfers
Be wary of high-sum transfers, urgent transfers and emails requesting assistance paying an invoice. These may be genuine, but assume they are not until verified. Never pass any personal details to an unverified sender via email.
By implementing these steps and ensuring that everyone with financial authority follows stringent protocols, you can protect your business from potentially costly CEO fraud.