What is CEO fraud?
CEO fraud is a scam in which online criminals spoof the e-mail accounts of a company they have chosen to target. They impersonate someone of importance, such as an executive, hoping to trick an accounting employee into sending money or confidential data. Although these wire transfers never have the proper authorization, most employees obey what appears to be an executive's request. Scammers compromise a company's e-mail through social engineering and various computer intrusion techniques. The businesses most at risk are those that work with international suppliers, because they perform wire-transfer payments more often.
While it is hard to believe that these methods would work, scams were the number one reason companies lost money in 2016.
Business Economic Losses Are Very Real
A special department of the FBI, the Internet Crime Complaint Center (IC3), investigates online scams and extortion. A report it released in June 2017 said the biggest losses came from BEC, or "Business E-mail Compromise": the total reported loss in 2016 alone was $360,513,961, making it currently the biggest issue. The second biggest cause was "Confidence Fraud/Romance," at $219,807,760. The total number of complaints listed was 17,146. However, the real numbers are estimated to be much larger, as not every affected company chooses to file a report. If you wish to file a complaint, you can do so with IC3.
How to prevent CEO fraud from happening?
We recommend the following actions to prevent these scams.
1. Identify high-risk users
Scammers usually target one specific employee. They regularly target C-level executives and IT, HR, and accounting staff members. By raising these employees' awareness, your company stands a much better chance of stopping the attack.
2. Implement a layered cyber security protection strategy
After addressing the possibility of human error, it's key for your company to make sure your cyber security defenses are up to par, using a layered strategy. No matter your business size, you should consider at a minimum:
- Quality email spam filtering
- End-point security (fancy word for anti-virus/anti-malware protection)
- Patch management (automatic software updates)
- Two-factor authentication to prevent unauthorized usage of your accounts
- Strong password policies and using password managers
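To make the "quality email spam filtering" item concrete, here is a small heuristic BEC filter of the kind a mail gateway or SIEM rule could apply to inbound mail. It is an added example written for this page, not code from the original article or from any vendor. It flags the patterns described above: an executive's display name on an address outside the company domain, a Reply-To that redirects answers to another domain, a lookalike (typosquatted) domain, and urgent wire-transfer language. The company domain (example.com), the executive list, the keyword list, the weights and the three sample messages are all constructed assumptions; a real deployment would tune them and combine this with SPF/DKIM/DMARC checks.

```python
"""Heuristic CEO-fraud / BEC scoring for inbound e-mail (added example)."""
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumption: the domain being protected
EXECUTIVES = {"jane doe", "john smith"}   # constructed: display names to protect

# Phrases typical of payment-diversion requests; a real deployment would tune these.
URGENCY_PATTERNS = re.compile(
    r"\b(wire transfer|wire the funds|urgent(?:ly)?|confidential|"
    r"before end of day|change (?:the )?bank (?:account|details))\b",
    re.IGNORECASE,
)


def normalize_name(display_name):
    """Lower-case and collapse whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(display_name.split()).lower()


def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def looks_like_company_domain(domain):
    """True for a domain that is close to, but not equal to, the company domain."""
    if not domain or domain == COMPANY_DOMAIN:
        return False
    return difflib.SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() >= 0.8


def score_message(raw):
    """Return {'score': int, 'reasons': [str]} for a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if msg.is_multipart():
        body = "\n".join(p.get_payload() for p in msg.walk()
                         if p.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    score, reasons = 0, []

    # 1. Display-name impersonation: an executive's name on a non-company address
    if normalize_name(from_name) in EXECUTIVES and domain_of(from_addr) != COMPANY_DOMAIN:
        score += 3
        reasons.append(f"display name '{from_name}' matches an executive but sender is {from_addr}")

    # 2. Reply-To sends answers to a different domain than the From address
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        score += 2
        reasons.append(f"Reply-To {reply_addr} differs from From domain {domain_of(from_addr)}")

    # 3. Lookalike (typosquatted) company domain in either header
    for header, addr in (("From", from_addr), ("Reply-To", reply_addr)):
        if looks_like_company_domain(domain_of(addr)):
            score += 2
            reasons.append(f"{header} domain {domain_of(addr)} resembles {COMPANY_DOMAIN}")

    # 4. Urgent payment language anywhere in subject or body
    text = msg.get("Subject", "") + "\n" + body
    hits = sorted({m.group(0).lower() for m in URGENCY_PATTERNS.finditer(text)})
    if hits:
        score += 1
        reasons.append("urgent payment language: " + ", ".join(hits))
    return {"score": score, "reasons": reasons}


def is_suspicious(raw, threshold=3):
    """Messages at or above the threshold would be quarantined or routed for review."""
    return score_message(raw)["score"] >= threshold


# Constructed sample messages (not real mail).
LEGIT = "\n".join([
    "From: Jane Doe <jane.doe@example.com>",
    "To: accounts@example.com",
    "Subject: Monday agenda",
    "",
    "Please see the attached agenda for Monday.",
])
IMPERSONATION = "\n".join([
    "From: Jane Doe <jane.doe.ceo@gmail.com>",
    "To: accounts@example.com",
    "Subject: Urgent request",
    "",
    "I need you to wire the funds to the new supplier before end of day. Keep this confidential.",
])
LOOKALIKE = "\n".join([
    "From: John Smith <john.smith@example.com>",
    "Reply-To: john.smith@examp1e.com",
    "To: accounts@example.com",
    "Subject: Supplier payment",
    "",
    "Can you urgently change the bank details for our supplier?",
])

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("impersonation", IMPERSONATION), ("lookalike", LOOKALIKE)):
        result = score_message(raw)
        print(label, result["score"], is_suspicious(raw), result["reasons"])
```

The scores are additive so that a single weak signal (one keyword) does not block normal mail, while name impersonation alone is enough to hold a message for review. Keyword matching is the noisiest of the four checks; the header-based checks are where most of the value lies, and they should sit alongside authentication of the sending domain rather than replace it.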