CEO Fraud – Heard of this before? Early last year FBI said organisations have lost over $2.3B in 3years for this scam. Mind you, many organisations which were affected don’t come forward to speak about the issue. Hence the losses could be bigger. What is CEO Fraud? It usually starts like this
These are sophisticated and aimed at executives, in most cases, CFO/FD/Financial Controller. The bad guys do their research to get the names/emails of the organisation then use the phishing, sends an email to CFO posing as CEO of the company and asks for a funds transfer [Check the image above. In most cases, the message looks exactly same]. Alternatively, they email employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “microsoft.com” the thieves might register “micros0ft.com” replacing ‘o’ with ‘0’.
The estimated loss per victim ranges between £20,000 to £60,000. Some companies have paid more than. Some paid in millions. Once the amount leaves your bank account you will have a maximum of 20-25mins to recover. Don’t be a victim.
These emails are not usually caught by spam filters as they are not mass targeted. The best security technology in the world can’t help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. Hence employee awareness can save you from these mishaps.
Employee awareness and Two-factor authentication can absolutely save your bacon. Also, the simple grammar mistakes in the email, as well as return email address [this is overlooked almost all the time], are easy giveaways for these scams. If your emails are being scanned prior to delivery ask your provider for an anti-spoofing option to be enabled. I know most hosted anti-spam providers offer this service. If you are not sure, give us a ring on 01224 51 61 81. Stay safe!