CEO fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to get an employee in accounting or finance to authorize wire transfers or send out confidential tax information. These 'executive whaling' attacks are sophisticated, hyper-targeted phishing attacks aimed at top executives and the staff who act on their instructions. Personalization and in-depth knowledge of the executive are the hallmarks of this type of fraud. According to the FBI, these business email compromise scams have accounted for more than $5 billion in losses to December 2018, with more than 24,000 victims reporting incidents worldwide. Would you take the risk of paying an invoice without checking its validity?
Here are some examples of phishing emails that threaten your business:
Hold on, should I be suspicious of that email from my boss? Yes, always think twice before you pay that invoice or transfer funds!
$5 billion lost due to phishing and BEC scams
Previously we highlighted the Scoular case to show how highly targeted phishing emails can be. The Scoular Co. lost $17.2 million in June 2014 as a result of phishing, and the details of the case illustrate some of the warning signs of a phishing attack. Scoular has international business interests, and wire transfers are used frequently, so it did not raise a red flag when Scoular's controller received an email instructing him to wire $780,000 to a Chinese bank. The email purportedly came from the CEO (it didn't). The money was to be wired to a real bank, Shanghai Pudong Development Bank. The controller transferred the money.
The next day he received a second email instructing him to wire $7 million and to contact the company's auditing firm for details on sending the money. He then received those details, unsolicited, in an email fashioned to look like it came from the auditors; he never had to contact the real auditors himself, because the attackers supplied the "auditor" reply too.
One of the emails read, “I need you to take care of this. For the last months, we have been working, in coordination and under the supervision of the SEC, on acquiring a Chinese company. ... This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations.”
The third and final email, received three days later, requested an additional $9.4 million. During the investigation, the controller told the FBI that he "was not suspicious of the three wire transfer requests because there was an element of truth to all of it". Needless to say, the controller was fired from Scoular.
Phishers are preying on human nature. They collect information about your business from many sources:
In the case of Scoular, the phishers knew the name of the company's auditors and were aware that the company was pursuing interests in China. Phishers tend to start small and then escalate their requests with each success: the first request in the Scoular case was for $780,000; the last was for $9.4 million.
Trust your first impressions of the email and consider the following:
If the message is suspicious, there are some steps you can take:
What is the easiest way to check whether an email is phishing? Verify the request through another communication channel, such as a telephone call or a letter, using contact details you already have on file. Do not use the address or telephone numbers in the email, and do not reply to it: if the message is fraudulent, those lead straight back to the phishers. If you have no number on file, look up the real company website or obtain the real phone number from online white pages or yellow pages rather than from the message itself.
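The out-of-band call is the decisive check, but the email itself usually carries several of the tells seen in the Scoular messages, and those can be flagged automatically at the mail gateway before the controller ever reads them. The following script is an added example, not code from the original article or from SpamTitan. It assumes a hypothetical tenant (domain example.com, an executive named "Jane CEO") and runs over three constructed sample messages: a direct spoof of the internal domain that fails DMARC, a lookalike domain (examp1e.com) that passes every authentication check because the attacker registered it, and a legitimate internal message. It reports a failed DMARC verdict on an internal From address, an executive's display name on a foreign address, a Reply-To that redirects answers to another domain, a lookalike of the company domain, and the secrecy and urgency wording quoted above.

```python
"""Added example (not from the original article): header and body checks that
flag the hallmarks of a CEO-fraud / executive-whaling email.
All domains, names and messages below are constructed for illustration."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical tenant data: the company's own domain and the executives whose
# names a fraudster is most likely to borrow for the display name.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane ceo": "jane.ceo@example.com"}
# Pressure and secrecy wording typical of BEC (compare the Scoular email above).
PRESSURE_PHRASES = ("wire", "urgent", "very sensitive", "only communicate with me",
                    "do not discuss", "confidential")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one- or two-character domain typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, target: str = COMPANY_DOMAIN) -> bool:
    """True for domains that imitate the target: examp1e.com, example-corp.com, exarnple.com."""
    if not domain or domain == target:
        return False
    label = domain.split(".")[0]
    # Fold the usual homoglyph substitutions before comparing the registered label.
    folded = label.replace("1", "l").replace("0", "o").replace("rn", "m")
    base = target.split(".")[0]
    return base in folded or _edit_distance(folded, base) <= 2


def _auth_results(msg) -> dict:
    """Extract spf/dkim/dmarc verdicts from the receiving MTA's Authentication-Results header."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def _body_text(msg) -> str:
    part = msg.get_body(preferencelist=("plain",)) if msg.is_multipart() else msg
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", errors="replace")


def bec_findings(raw: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = _domain(from_addr), _domain(reply_addr)
    auth = _auth_results(msg)
    findings = []
    # 1. Direct spoof of our own domain: the gateway's DMARC verdict did not pass.
    if from_dom == COMPANY_DOMAIN and auth.get("dmarc") != "pass":
        findings.append(f"dmarc={auth.get('dmarc', 'none')} for From domain {from_dom}")
    # 2. A known executive's display name on an address that is not that executive's.
    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr.lower() != known:
        findings.append(f"display name '{from_name}' but sender is {from_addr}")
    # 3. Replies silently redirected to a different domain.
    if reply_addr and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # 4. Lookalike of the company domain in From or Reply-To.
    for dom in {from_dom, reply_dom}:
        if is_lookalike(dom):
            findings.append(f"lookalike domain {dom}")
    # 5. Pressure and secrecy wording in the body.
    hits = [p for p in PRESSURE_PHRASES if p in _body_text(msg).lower()]
    if hits:
        findings.append("pressure wording: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane CEO <jane.ceo@example.com>
Reply-To: Jane CEO <jane.ceo@executive-mail.net>
To: controller@example.com
Subject: Wire transfer today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/plain; charset=utf-8

I need you to take care of this wire today. This is very sensitive, so please
only communicate with me through this email.
"""
LOOKALIKE = """\
From: Jane CEO <jane.ceo@examp1e.com>
To: controller@example.com
Subject: Acquisition - keep this between us
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=pass header.d=examp1e.com; dmarc=pass header.from=examp1e.com
Content-Type: text/plain; charset=utf-8

We are acquiring a company in China under SEC supervision. This is confidential;
do not discuss it with anyone else.
"""
LEGIT = """\
From: Jane CEO <jane.ceo@example.com>
To: controller@example.com
Subject: Board deck
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset=utf-8

Can you send me the Q3 numbers for the board deck when you have a minute?
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, "->", bec_findings(raw) or ["no findings"])
```

The lookalike message is the instructive case: SPF, DKIM and DMARC all pass because the attacker controls examp1e.com, so authentication results alone would wave it through; only the borrowed display name, the lookalike domain and the secrecy wording give it away. None of these signals is proof on its own, which is why they belong in a gateway score or a warning banner, with the out-of-band phone call remaining the final check before money moves.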
Phishing attacks aren't just increasing, they're evolving. Email is the #1 delivery vehicle for most malware (not just ransomware), so use advanced spam and malware protection that includes phishing protection. A solution like SpamTitan will block phishing emails before they reach your network.
In addition, the FBI recommends the following:
Training employees to recognize phishing attempts is vitally important, but given the increasing sophistication of targeted phishing attacks, raising awareness alone isn't enough. Companies need to invest in strong anti-spam and anti-phishing security technology that protects their employees.
Due to the sophisticated nature of advanced persistent threats via email, SpamTitan’s latest release now includes a sandboxing feature and anti-spoofing layers. SpamTitan sandboxing protects against breaches and data loss from zero-day threats and sophisticated email attacks by providing a powerful environment to run in-depth, sophisticated analysis of unknown or suspicious programs and files. SpamTitan sandboxing will protect against malware, spear-phishing, advanced persistent threats (APTs) and malicious URLs, offering insight into new threats and helping mitigate risks.