In a recent incident between July 1 and July 10 – 2024, a Pune-based real estate company lost four crore rupees due to CEO fraud. Cybercriminals tricked company employees into transferring funds into fake bank accounts by impersonating the chairperson of the company. This is Whaling.
A whale phishing attack, called CEO fraud, targets high-level executives who conduct fraudulent activities. Here’s everything that you need to know about CEO fraud.
What is CEO Fraud?
CEO fraud is a well-planned and executed action where cybercriminals appear as the CEO, CFO, and CTO of the company and trick senior officials into sharing confidential information or transferring lump amounts to their bank accounts.
More than 400 businesses are targeted by CEO fraud each day, with losses totaling almost $1 billion per year.
Although the name must suggest, CEOs are not the only ones in the target list of whaling attacks. Here are the top three departments in the company that are most prone to CEO frauds.
- Finance department – The department often only requires an email from an executive to complete a transaction. Threat actors usually observe for a month before executing the attack to finally send a request to the right authorized person.
- Executive team – A bunch of executives mostly have high financial authority and thus fall as a high-value target. Logging onto their systems gives the cybercriminals access to the required confidential information.
- HR team – Recruiters are required to open resumes and cover letters of all sorts for hiring and onboarding purposes. Opening a resume with spyware can lead to the loss of security data to cybercriminals.
Now, here’s how professionals of these teams can recognize such frauds from a mile away.
Book a Free Demo Call with Our People Security Expert
How to Timely Recognize a CEO Fraud?
Here are certain subtle hints that require a keen eye for detail and detect the same.
- Stay alert for the CEO emails received at odd hours or after office hours. Fraud attackers often target and ask for financial transactions when the receiver is unable to verify the same.
- Emails that strictly refrain the receiver from speaking about the email content are highly suspicious. Using secrecy is one of many tricks to avoid raising doubts among colleagues.
- Emails from higher authority are most of the time well-framed for obvious reasons. Detecting uncommon tone, language, and spelling errors is the point of doubt for every employee.
- The last and most common is urgency in the content of the mail. Fraudulent CEO emails are designed to make the receiver act without thinking of the aftermath. If the mail is time-sensitive, mentioning the loss that’ll happen if action is not taken, then it’s likely to be fraudulent activity.
The best way to avoid falling for such scams and frauds is to educate all the executives and other team members and let them be aware of such scams. Introduce training programs and conduct regular assessments and mock rounds to know where your team stands in terms of cybersecurity.
Also Read:
CEO Fraud Caused $243000 to a UK-based Company
An employee of a UK-based energy firm believed to be on a phone call with the chief executive of the company and followed the order to transfer €220,000 ($243000) to a Hungarian bank account.
Well, based on the report from The Wall Street Journal, the cybercriminal called again a couple of times for another transaction but failed to succeed. Meanwhile, the amount transferred to a Hungarian bank account was then dispensed in Mexico and other locations, making the tracing almost impossible.
It isn’t necessary that cybercriminals take aid of email communication. CEO emails and CEO frauds can also be conducted over a phone call, a Zoom meeting, and more.
Read more about voice cloning: AI Voice Cloning – A New Threat to Businesses
How Can Threatcop Help Protect Against CEO Fraud?
Essential protocols like sender policy framework (SPF), domain-based message authentication (DMARC), and DomainKeys identified mail (DKIM) review the sender’s identity and address. This ensures that employees of the organization receive emails from verified and safe sources.
TDMARC by Threatcop is a tool designed for email authentication that aids the company in incorporating these essential protocols. TDMARC offers easy access to their email security statistics. This tool allows you to catch unauthorized sources trying to forge the domain name. Improve your domain’s email reputation with TDMARC’s highly beneficial features and 100% security against unauthorized use of your email domain.
Technical Content Writer at Threatcop
Ritu Yadav is a seasoned Technical Content Writer at Threatcop, leveraging her extensive experience as a former journalist with leading media organizations. Her expertise bridges the worlds of in-depth research on cybersecurity, delivering informative and engaging content.
Technical Content Writer at Threatcop Ritu Yadav is a seasoned Technical Content Writer at Threatcop, leveraging her extensive experience as a former journalist with leading media organizations. Her expertise bridges the worlds of in-depth research on cybersecurity, delivering informative and engaging content.