With so many hacking attacks striking businesses from all sides, many people forget that not all threats come in the form of a virus or malware. Businesses must also watch out for scams and fraud, particularly CEO fraud.
CEO fraud has been on the rise over the last several years. Companies are losing money, and businesses have failed. In fact, according to the FBI, “hackers sought to steal over $3 billion through wire-transfer fraud”.
What is CEO fraud?
CEO fraud is a scam in which online criminals spoof the e-mail accounts of a company they have chosen to target. They impersonate someone of importance, hoping to trick an accounting employee into sending money or confidential data.
Although these wire transfers never have proper authorization, most employees comply with what appears to be an executive's request.
Through social engineering and other computer intrusion techniques, scammers can compromise a company's e-mail. The businesses most at risk are those that work with international suppliers, because they make wire-transfer payments more often.
While it is hard to believe that these methods would work, scams were the number one reason companies lost money in 2016.
Business Economic Losses Are Very Real
A special department of the FBI, the IC3 (Internet Crime Complaint Center), investigates online scams and extortion.
A report it released in June 2017 said the biggest losses came from BEC, or “Business E-mail Compromise.”
It states that the total reported loss in 2016 alone was $360,513,961, currently the biggest issue. The second biggest cause was “Confidence Fraud/Romance,” at $219,807,760.
The total number of complaints listed was 17,146. However, the real numbers are estimated to be much larger, as not every affected company chooses to file a report. If you wish to file a complaint, you can do so through the IC3.
How to prevent CEO fraud from happening?
We recommend using the following actions to prevent these scams.
1. Identify high-risk users
Scammers usually attempt to target one specific employee. They regularly target C-level executives, and IT, HR, and/or Accounting staff members. By increasing your employees’ awareness, your company stands a much better chance of stopping the attack.
2. Implement a layered cyber security protection strategy
After addressing the possibility of human error, it’s key for your company to make sure your cyber security defenses are up to par with a layered strategy. No matter your business size, you should consider at a minimum:
- Quality email spam filtering
- End-point security (a fancy term for anti-virus/anti-malware protection)
- Patch management (automatic software updates)
- Two-factor authentication to prevent unauthorized use of your accounts
- Strong password policies and the use of password managers
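As an added example (not code from the original post or from Envision), the following Python script shows the kind of check an e-mail filtering layer can apply against the spoofing described above: it flags a message whose display name matches a known executive but whose address is not that executive's real one, whose sender domain is one character away from the company's domain, or whose Reply-To points to a different domain than From. The company domain, executive directory and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the protected company's domain and the executives
# whose names scammers are most likely to impersonate (display name -> address).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def looks_alike(domain, legit):
    """True if domain differs from the legitimate domain by exactly one edit."""
    if domain == legit or abs(len(domain) - len(legit)) > 1:
        return False
    if len(domain) == len(legit):  # one substituted character, e.g. l -> 1
        return sum(a != b for a, b in zip(domain, legit)) == 1
    short, long_ = sorted((domain, legit), key=len)  # one inserted/deleted char
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def impersonation_flags(raw_message):
    """Return the reasons an incoming message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    key = name.strip().lower()
    flags = []
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        flags.append("executive display name with unexpected sender address")
    if looks_alike(from_domain, COMPANY_DOMAIN):
        flags.append("sender domain is a lookalike of the company domain")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        flags.append("Reply-To points to a different domain than From")
    return flags

# Constructed sample messages: one fraudulent wire request and one legitimate mail.
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <jane.doe@webmail-free.example>
To: accounts@example.com
Subject: Urgent wire transfer

Please wire the supplier payment today and keep this confidential.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 budget

The budget is attached.
"""
```

A message that raises any flag is a candidate for the non-e-mail validation step described below, not for automatic action on its own.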
3. Set up clear policies concerning wire transfers
By setting up clear wire-transfer policies, you reduce the number of unauthorized transfers that end up in your company’s reports. There should also be multiple authorizations and several steps required before an employee can perform a transfer. Another idea is to require a non-e-mail validation of instructions, such as a phone call to a known number, so that scammers have a much harder time tricking employees. Finally, implement a wire amount limit as the last line of defense.
4. Provide cyber security awareness training for your staff
You might think that video training or in-person training is enough for employees to question any suspicious e-mail. Unfortunately, this kind of training can only do so much and often doesn’t stick. Practical training is necessary: employees must be exposed to simulated phishing attacks, and tests should be conducted regularly to keep them on their toes.
These are some options your company can take to prevent attacks. Envision has a team of professionals that can help increase your company’s security. Schedule a call today.