Phishing models

What is a CEO fraud attack and how can it be prevented?

CEO Fraud: An Acquisitive Email Scam

CEO fraud attacks are dangerous variants of phishing that abuse the authority of a company's CEO to achieve their malicious goal. By impersonating the CEO, the attacker sends a fake email to an employee (usually in the finance department), typically instructing them to transfer money to a bank account the attacker controls. To minimize skepticism and scrutiny, the attacker creates a sense of urgency in the fake email.

CEO fraud attacks are considered incredibly dangerous because the attacker relies on the authority of the CEO to trick employees into transferring money to their account or handing over extremely sensitive data. An email from the CEO will certainly grab employees' attention, and most employees won't question the CEO's order. This increases the chances of employees reading the email and immediately following through on whatever they were instructed to do. It has become a prolific problem, resulting in losses of millions of dollars for firms of all sizes.

CEO fraud attacks: how do they work?

There are two main ways in which a CEO fraud attack can occur:

  1. Email spoofing attack
  2. Business Email Compromise (BEC) attack

Email spoofing involves tactics like name spoofing, in which the scammer uses the name of your CEO but a different email address. The address used can be extremely similar to the targeted company's domain, with a couple of letters transposed. A recipient who only checks the display name, or who does not spot the difference in the sender's address, is easily misled. Refer to our article 'What is spoofing?' for more information about email spoofing.

What is a Business email compromise attack?

A business email compromise attack, by contrast, is one in which the scammer uses both the same name and the same email address as the CEO. By setting a reply-to address that differs from the sender's address, the attacker ensures that your reply goes to them instead of the CEO. Refer to our article 'What is a "Business Email Compromise" (BEC) attack?' for more information regarding Business Email Compromise attacks.

CEO fraud attacks are able to evade spam filters because they are far more targeted than mass-mailing campaigns and are free of typical junk-mail traits. The emails are written by skilled attackers who sound convincing and steer clear of conversations that could raise suspicion about their identity. Another tricky aspect of these emails is that, unlike ordinary spam, they rarely contain spelling or grammatical mistakes.

Furthermore, attackers invest a considerable amount of time obtaining insider information about the company, which is why these operations are mainly one-on-one. The attackers target specific individuals in a company and are usually familiar with the way those people communicate. Combined, these characteristics make it extremely challenging for companies to prevent CEO fraud.
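Both techniques described above (a display name that does not match the executive's real address, a lookalike sender domain, and a Reply-To that points somewhere other than the From address) leave traces in the message headers that a mail gateway or SOC script can check before the message reaches a human. The following Python is an added example written for this page, not code from the original article or any product it mentions; the executive directory, the organization domain `example.com`, the 0.85 similarity threshold and the sample messages are all constructed assumptions.

```python
import difflib
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Assumption: the organization's real mail domain and a directory of executives
# mapping their display name to the one address they legitimately send from.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain, real=ORG_DOMAIN):
    """True when `domain` is not the real domain but nearly identical to it
    (transposed or substituted letters such as exmaple.com). The 0.85 ratio
    is a constructed threshold; tune it against your own domain list."""
    if domain == real:
        return False
    return difflib.SequenceMatcher(None, domain, real).ratio() >= 0.85


def triage_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message; [] means nothing suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _reply_name, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = _domain(from_addr)
    findings = []

    # Name spoofing: a known executive's display name on an address that is not theirs.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append(f"display-name spoofing: '{from_name}' but address is {from_addr}")

    # Lookalike sender domain: a few letters away from the real company domain.
    if is_lookalike(from_dom):
        findings.append(f"lookalike sender domain: {from_dom} resembles {ORG_DOMAIN}")

    # BEC-style reply hijack: replies would leave the From domain entirely.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"reply-to mismatch: replies go to {reply_addr}, not {from_addr}")
    return findings


# Constructed sample messages (not real traffic) covering each pattern and a clean one.
NAME_SPOOF = (b"From: Jane Doe <jane.doe@mail-provider.example>\r\nTo: pay@example.com\r\n"
              b"Subject: urgent transfer\r\n\r\nCan you still get it done today?\r\n")
LOOKALIKE = (b"From: Jane Doe <jane.doe@exmaple.com>\r\nTo: pay@example.com\r\n"
             b"Subject: pending payment\r\n\r\nAre you available?\r\n")
REPLY_HIJACK = (b"From: Jane Doe <jane.doe@example.com>\r\n"
                b"Reply-To: jane.doe@mail-provider.example\r\nTo: pay@example.com\r\n"
                b"Subject: international payment\r\n\r\nPlease confirm.\r\n")
CLEAN = (b"From: Jane Doe <jane.doe@example.com>\r\nTo: pay@example.com\r\n"
         b"Subject: board deck\r\n\r\nSlides attached.\r\n")


def triage_samples():
    """Run all constructed samples; returns {label: findings}."""
    samples = {"name_spoof": NAME_SPOOF, "lookalike": LOOKALIKE,
               "reply_hijack": REPLY_HIJACK, "clean": CLEAN}
    return {label: triage_message(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, findings in triage_samples().items():
        print(label, "->", findings or "no findings")
```

Each check is deliberately independent, so a message can accumulate several findings (the lookalike sample trips both the display-name and the domain check). None of them replaces DMARC; they catch the cases DMARC cannot, such as a lookalike domain the attacker registered themselves.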

Example of a CEO fraud attack

One CEO fraud attack took place in November 2017, in which a CEO scammer successfully ripped off a female employee, stealing thousands of dollars from her organization. Using a very casual tone, the attacker impersonated her CEO, asking whether she could handle a pending international payment on an urgent basis. After a few casual email exchanges about her availability, the attacker directed her to transfer $30,120 to a specified account.

Here is a sentence from the actual conversation, showing how carefully the wording and tone were chosen: "The amount is for $30,120. I am guessing it is very late already for the transfer, or can you still get it done today?"

As you can see, the attacker was careful not to pressure the victim, so as not to arouse suspicion. Unfortunately, the victim failed to identify the fraud and went on to transfer the amount.

How to prevent CEO fraud?

Among the most common ways of dealing with CEO fraud is conducting security awareness training sessions to build awareness of the threat. It should be noted, however, that these sessions on their own are not effective at preventing an attack.

One great way to tackle CEO fraud is DMARC (Domain-based Message Authentication, Reporting and Conformance). Whether it's spoofing or Business Email Compromise, DMARC allows you to authenticate all valid email sources and gives you full visibility and governance across all email channels. It enables organizations to determine which sources are sending emails on their behalf. Once the DMARC policy is enforced as 'reject', spoofed emails that fail authentication are blocked before they land in recipients' inboxes.
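To make the 'reject' step concrete, the following Python is an added example (not code from this article or its DMARC checker) that parses a DMARC TXT record, applies the record's identifier-alignment rules to the SPF and DKIM results a receiver would already have, and returns the disposition the receiver should apply. It also flags record settings that leave a domain exposed (p=none, no rua= address, a partial pct=). The records and domains are constructed; the organizational-domain helper is a deliberate simplification that takes the last two labels, where a real receiver consults the Public Suffix List.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dict.
    Fills in the RFC 7489 defaults for adkim, aspf and pct; raises on malformed input."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (missing v=DMARC1)")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"invalid or missing policy: {tags.get('p')!r}")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Assumption: organizational domain = last two labels (real code uses the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record_txt, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return (dmarc_pass, disposition) for a message whose RFC5322.From domain is
    `from_domain`. spf_pass_domain / dkim_pass_domain are the domains for which SPF
    and DKIM already passed (None if they failed or were absent)."""
    tags = parse_dmarc(record_txt)
    spf_ok = aligned(from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = aligned(from_domain, dkim_pass_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "deliver"
    return False, tags["p"]          # 'none' means monitor only: the mail still lands


def policy_findings(record_txt):
    """Weak settings in the published record that a domain owner should fix."""
    tags = parse_dmarc(record_txt)
    findings = []
    if tags["p"] == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: you receive no aggregate reports")
    if tags["pct"] != "100":
        findings.append(f"pct={tags['pct']}: policy applied to only part of the traffic")
    return findings


# Constructed records for example.com: one still in monitoring mode, one fully enforced.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCED_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    # Forged From: example.com, sent from infrastructure that only passes SPF for its own domain.
    print(evaluate(MONITOR_RECORD, "example.com", spf_pass_domain="attacker.example"))
    print(evaluate(ENFORCED_RECORD, "example.com", spf_pass_domain="attacker.example"))
    print(policy_findings(MONITOR_RECORD), policy_findings(ENFORCED_RECORD))
```

The two records show why "publish DMARC" is not the same as "enforce DMARC": the forged message fails alignment under both, but only the record with p=reject turns that failure into a rejection. Note also what the check does not cover: DMARC is evaluated against the exact From domain, so a lookalike domain the attacker registered carries its own record and is judged on its own terms, which is why header checks for lookalikes remain necessary alongside DMARC.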

Make sure your organization is protected against CEO fraud attacks

Validate your domain by using the DMARC record checker.