What is CEO fraud, and how can it be avoided?
Cybercriminals profit significantly from the success of the cyberattacks known as CEO fraud, and the evolution of technology is behind the proliferation of this type of attack.
What is CEO fraud?
CEO fraud, or “Business Email Compromise” (BEC), is a cyber scam in which criminals impersonate a company’s CEO or senior executive to deceive employees and obtain money transfers or confidential information. This type of fraud has gained notoriety in recent years due to its effectiveness and the significant financial impact on organizations.
CEO fraud is characterized by its sophistication and the use of social engineering techniques. Cybercriminals thoroughly investigate the targeted company, gathering information about its organizational structure, executives, and employees. They use this information to create forged emails, apparently sent by some senior official, that appear authentic and often contain a sense of urgency.
These emails may request money transfers to bank accounts controlled by the criminals or the disclosure of sensitive information.
Some of the techniques used to carry out CEO fraud are:
- Identity theft. Scammers create email addresses that mimic those of the company’s top executives. Sometimes, they even compromise executives’ real email accounts to send fraudulent messages.
- Social engineering. Criminals use persuasion tactics to gain the trust of employees. They may impersonate the CEO or a senior executive, even mimicking their way of communicating and writing, and request urgent actions, such as money transfers, citing critical business reasons.
- Psychological manipulation. Fraudulent emails often contain a sense of urgency and pressure for employees to act quickly without following the usual verification procedures. This can include subtle threats or the promise of rewards.
The impact of CEO fraud can be devastating for businesses. Financial losses are often significant, and recovering stolen money is difficult or impossible.
How CEO Fraud Works: Main Steps
As we’ve already seen, CEO fraud is a sophisticated tactic that cybercriminals use to trick a company’s employees in order to obtain financial gain or sensitive information. This type of fraud relies on psychological manipulation and social engineering to achieve its goals. The typical steps that fraudsters take to carry out CEO fraud are:
Research and information gathering
The first step in CEO fraud is thoroughly investigating the target company. Cybercriminals collect information about the company’s organizational structure, senior executives’ names and titles, and employees with access to finances or sensitive information.
This information is obtained through various sources, such as social networks, corporate websites, and public databases.
Impersonation
Once the scammers have gathered enough information, they create email addresses that mimic those of the company’s top executives. Sometimes, they even compromise executives’ real email accounts to send fraudulent messages.
These spoofed emails are designed to look authentic and often contain specific details that increase their credibility.
Sending the fraudulent email
Cybercriminals email company employees, posing as the CEO or a senior executive. These emails typically feel urgent and ask for immediate action, such as money transfers to bank accounts controlled by criminals or disclosing sensitive information.
Scammers use persuasion and psychological manipulation tactics to convince employees to act quickly without following the usual verification procedures.
Psychological manipulation
Emails involved in CEO fraud include psychological manipulation to increase the likelihood of success. For example, subtle threats, such as the possibility of losing an important business opportunity, or promises of rewards, such as a promotion or bonus.
Fraudsters also take advantage of times of high market pressure or changes in the company, such as mergers or acquisitions, to increase the credibility of their requests.
Execution of the scam
Cybercriminals achieve their goals if employees fall for the trap and perform the requested actions. Money transfers are sent to bank accounts controlled by criminals and are almost impossible to trace, or the sensitive information obtained is used for other malicious purposes.
Strategies to avoid CEO fraud
Preventing CEO fraud requires taking security measures specifically aimed at these types of attacks, such as:
Establishing Verification Protocols
Establishing verification protocols is one of the most effective measures to prevent CEO fraud. These protocols ensure that any request for a money transfer or the disclosure of confidential information is verified before execution. Some best practices include:
- Verbal confirmation: Require that any request for money transfer be confirmed verbally via a direct phone call to the executive supposedly sending the email.
- Two-factor authentication: Implement a two-factor authentication system for financial transactions. Particularly effective is requiring the approval of two or more people in the organization for any significant money transfer.
- Escalation procedures: Establish clear procedures for escalating suspicious requests to a higher management level for review and approval.
Email Protection
Email protection is crucial to preventing CEO fraud. Businesses should implement email security solutions that include:
- Advanced spam filters. Advanced spam filters block suspicious emails before they reach employees’ inboxes.
- Email authentication. Implement email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) to verify the authenticity of incoming emails.
- Phishing detection. Use phishing detection tools that identify and block fraudulent emails. These tools analyze email content for signs of phishing and alert employees to potential threats.
- Education and awareness. Train employees on identifying suspicious emails and what to do if they receive one. This includes teaching them to verify email addresses, look for grammar and spelling errors, be suspicious of unusual communication tones, and not click links or download attachments from unsolicited emails.
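The email authentication bullet above is the point where SPF, DKIM and DMARC actually decide whether a message claiming to come from the CEO's domain is delivered. The following script, added here as an illustration and not code from the article or from Enthec, shows how a receiving server combines the three: it parses the DMARC record published by the domain (the `v=`, `p=`, `adkim=` and `aspf=` tags), reads the SPF and DKIM verdicts from an `Authentication-Results` header, checks that the authenticated domain aligns with the `From:` domain, and applies the domain's policy when neither check aligns. The domain `example.com`, the DMARC record and the four sample headers are constructed for the example; the organizational-domain logic is simplified to "last two labels" where real validators use the Public Suffix List.

```python
import re
from email.utils import parseaddr

# Constructed sample data (not from the article): the DMARC TXT record that
# example.com would publish at _dmarc.example.com, and Authentication-Results
# headers as a receiving mail server adds them after its SPF and DKIM checks.
SAMPLE_DMARC_RECORD = (
    "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=r"
)

SAMPLE_MESSAGES = [
    # 1. Legitimate mail: SPF and DKIM pass and both domains align with From:.
    ("CEO <ceo@example.com>",
     "mx.example.com; spf=pass smtp.mailfrom=bounces@example.com; dkim=pass header.d=example.com"),
    # 2. Spoofed From: header. SPF passes, but only for the attacker's own
    #    envelope domain, and there is no DKIM signature at all.
    ("CEO <ceo@example.com>",
     "mx.example.com; spf=pass smtp.mailfrom=ceo@exarnple-mail.net; dkim=none"),
    # 3. Legitimate mail that was forwarded: SPF breaks, DKIM still passes.
    ("CEO <ceo@example.com>",
     "mx.example.com; spf=fail smtp.mailfrom=bounces@example.com; dkim=pass header.d=example.com"),
    # 4. Signed by a subdomain: fine under relaxed alignment, rejected by adkim=s.
    ("CEO <ceo@example.com>",
     "mx.example.com; spf=softfail smtp.mailfrom=bounces@example.com; dkim=pass header.d=mail.example.com"),
]


def parse_dmarc(record):
    """Parse a DMARC TXT record into tag=value pairs; alignment defaults to relaxed."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record (needs v=DMARC1 and p=)")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def parse_auth_results(header):
    """Extract the SPF/DKIM verdicts and the domains they were evaluated for."""
    spf = re.search(r"spf=(\w+)(?:[^;]*?smtp\.mailfrom=([^\s;]+))?", header)
    dkim = re.search(r"dkim=(\w+)(?:[^;]*?header\.d=([^\s;]+))?", header)

    def domain_of(value):
        return value.rpartition("@")[2].lower() if value else ""

    return {
        "spf": spf.group(1).lower() if spf else "none",
        "spf_domain": domain_of(spf.group(2)) if spf else "",
        "dkim": dkim.group(1).lower() if dkim else "none",
        "dkim_domain": domain_of(dkim.group(2)) if dkim else "",
    }


def org_domain(domain):
    """Simplified organizational domain (last two labels); real validators use
    the Public Suffix List so that registries such as co.uk are handled."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') accepts subdomains."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(from_header, auth_results_header, dmarc_record):
    """Return ("pass", None) if SPF or DKIM passes *and* aligns with the From:
    domain; otherwise ("fail", disposition) where disposition is the p= policy."""
    policy = parse_dmarc(dmarc_record)
    from_domain = parseaddr(from_header)[1].rpartition("@")[2]
    r = parse_auth_results(auth_results_header)
    spf_ok = r["spf"] == "pass" and is_aligned(r["spf_domain"], from_domain, policy["aspf"])
    dkim_ok = r["dkim"] == "pass" and is_aligned(r["dkim_domain"], from_domain, policy["adkim"])
    return ("pass", None) if (spf_ok or dkim_ok) else ("fail", policy["p"])


def screen_messages(messages=SAMPLE_MESSAGES, record=SAMPLE_DMARC_RECORD):
    return [evaluate_dmarc(frm, auth, record) for frm, auth in messages]


if __name__ == "__main__":
    for (frm, _), verdict in zip(SAMPLE_MESSAGES, screen_messages()):
        print(frm, "->", verdict)
```

Message 2 is the classic CEO-fraud shape: the `From:` header says `ceo@example.com`, SPF is technically a pass (the attacker's own domain authorizes their server), but nothing aligns with `example.com`, so the domain's `p=quarantine` applies. Message 4 shows why the alignment mode matters: a signature from `mail.example.com` is accepted under relaxed DKIM alignment but not under `adkim=s`, so a domain that tightens alignment must make sure every legitimate sending system signs with the exact domain. None of this helps when the executive's real mailbox has been compromised (the case in L72 of the article), which is why the verification protocols above remain necessary.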
External confirmation procedures
Companies should establish external confirmation procedures and internal verification protocols to ensure the authenticity of money transfer requests.
- Verification with the bank. Before processing any money transfer, check the request with the bank to ensure it is legitimate. This may include confirmation of the applicant’s identity and review of the destination bank account.
- Emergency contact list. Maintain an emergency contact list that includes the phone numbers and email addresses of senior executives and other key employees. This allows for quick and direct confirmation of any urgent request.
- Review of transactions. Implement a transaction verification process that includes verification of any significant money transfers by multiple people. This helps ensure that requests are legitimate and that proper procedures are followed.
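The three bullets above, together with the verification protocols earlier in the article, describe a release procedure for payments: a verbal call-back to a number taken from the company's own contact list (never from the email), approval by more than one person for significant amounts, and a check of the destination account. The following script, added here as an illustration and not code from the article or from Enthec, encodes that procedure as a small release check. The directory, the approved-beneficiary list, the threshold of 10,000 and the account identifiers are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample data (not from the article): a verified contact directory,
# an approved-beneficiary list and a dual-approval threshold, all invented.
DIRECTORY = {"ceo@example.com": "+00 000 000 001", "cfo@example.com": "+00 000 000 002"}
APPROVED_BENEFICIARIES = {"ES00 0000 0000 0000 0000 0001"}  # constructed IBAN-like ids
DUAL_APPROVAL_THRESHOLD = 10_000


@dataclass
class TransferRequest:
    requester: str                      # address the request claims to come from
    amount: float
    beneficiary: str
    callback_number: Optional[str] = None
    approvers: List[str] = field(default_factory=list)


def required_approvals(amount):
    """Significant transfers need two distinct approvers; small ones need one."""
    return 2 if amount >= DUAL_APPROVAL_THRESHOLD else 1


def record_callback(req, number_dialled):
    """The verbal confirmation only counts if the number dialled is the one in
    the directory for the requester; a number quoted in the email is ignored."""
    if DIRECTORY.get(req.requester) == number_dialled:
        req.callback_number = number_dialled
        return True
    return False


def approve(req, approver):
    """Approvals must come from people other than the requester, each only once."""
    if approver == req.requester:
        raise ValueError("requester cannot approve their own transfer")
    if approver in req.approvers:
        raise ValueError(f"{approver} has already approved this transfer")
    req.approvers.append(approver)


def release_decision(req):
    """Return (allowed, reasons); the transfer is released only when reasons is empty."""
    reasons = []
    if req.callback_number is None:
        reasons.append("no verbal confirmation on a directory phone number")
    needed = required_approvals(req.amount)
    if len(req.approvers) < needed:
        reasons.append(f"{len(req.approvers)} of {needed} required approvals")
    if req.beneficiary not in APPROVED_BENEFICIARIES:
        reasons.append("beneficiary account is not on the approved list")
    return (not reasons, reasons)


def demo():
    """Walk a 'CEO' request for 48,000 to an unknown account through the checks
    and return the outstanding reasons after each step."""
    req = TransferRequest("ceo@example.com", 48_000, "ES00 0000 0000 0000 0000 9999")
    steps = [release_decision(req)[1]]
    record_callback(req, "+99 999 999 999")        # number quoted in the email: ignored
    approve(req, "treasury.one@example.com")
    steps.append(release_decision(req)[1])
    record_callback(req, DIRECTORY["ceo@example.com"])  # call to the directory number
    approve(req, "treasury.two@example.com")
    steps.append(release_decision(req)[1])
    return steps


if __name__ == "__main__":
    for i, reasons in enumerate(demo(), 1):
        print(f"step {i}:", reasons or "release allowed")
```

The point of the walk-through in `demo()` is the last step: even after a genuine call-back and two approvals, the transfer stays blocked because the destination account is new. A change of beneficiary is exactly what a fraudulent "urgent acquisition" request relies on, so onboarding a new account is kept as a separate procedure rather than something an email can trigger.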
Is it possible to detect signs to avoid being a victim of CEO fraud?
Knowing the signs of potential CEO fraud is crucial to preventing such attacks. To do this, employees must be familiar with the various warning signs, and the organization must know at all times which of its exposed information could be used to build the attack.
Red Flags
Several red flags can indicate a CEO fraud attempt.
- Emails with grammatical, spelling, or tone errors: fraudulent emails often contain errors or unusual communication tones that should always raise suspicion and prompt verification.
- Urgent action requests: Scammers often create a sense of urgency for employees to act quickly without following standard vetting procedures.
- Suspicious email addresses: Email addresses that mimic those of senior executives but with slight variations are a clear sign of fraud.
- Unusual requests: Any request that does not follow the company’s usual procedures should be considered suspicious and verified.
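Three of the four red flags above can be checked mechanically before a message reaches an inbox: a display name that belongs to an executive but an address that does not, a sender domain that imitates the corporate one, and pressure language in the subject or body. The following script, added here as an illustration and not code from the article or from Enthec, screens a message for those signs; it also flags a `Reply-To` that diverts answers to a different domain. The corporate domain `example.com`, the executive directory, the word list and the three sample messages are constructed for the example, and the homoglyph table and edit-distance threshold are deliberately small.

```python
from email.utils import parseaddr

# Constructed sample data (not from the article): the corporate domain, the
# executive directory and the messages are invented for this example.
CORPORATE_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe": "ceo@example.com", "mark ruiz": "cfo@example.com"}
URGENCY_TERMS = ("urgent", "immediately", "confidential", "wire", "asap", "right away")
# Character sequences that look alike in common fonts; the sender's domain is
# normalised with these before being compared with the real one.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

SAMPLE_MESSAGES = [
    {"from": "Jane Doe <ceo@example.com>", "subject": "Board deck",
     "body": "Please review the attached deck when you have time."},
    {"from": "Jane Doe <ceo@exarnple.com>", "subject": "Urgent wire transfer",
     "body": "I need this done immediately and kept confidential. Details follow."},
    {"from": "Mark Ruiz <m.ruiz.cfo@outlook.com>",
     "reply_to": "Mark Ruiz <payments@secure-example.net>",
     "subject": "Quick favour",
     "body": "Are you at your desk? Need a vendor paid asap, will explain later."},
]


def normalize_domain(domain):
    d = domain.lower()
    for lookalike, real in HOMOGLYPHS:
        d = d.replace(lookalike, real)
    return d


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_corporate(domain):
    return any(domain == c or domain.endswith("." + c) for c in CORPORATE_DOMAINS)


def is_lookalike(domain):
    """True for domains that imitate a corporate domain without being one."""
    if is_corporate(domain):
        return False
    for corp in CORPORATE_DOMAINS:
        if normalize_domain(domain) == corp:                     # exarnple.com, examp1e.com
            return True
        if levenshtein(domain, corp) <= 2:                       # exmaple.com, example.co
            return True
        if corp in domain or corp.replace(".", "-") in domain:   # example.com.evil.net
            return True
    return False


def screen_message(msg):
    """Return the list of red flags raised by one message (empty means none)."""
    flags = []
    name, addr = parseaddr(msg["from"])
    domain = addr.rpartition("@")[2].lower()
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append(f"display name '{name}' belongs to {expected}, not {addr}")
    if is_lookalike(domain):
        flags.append(f"sender domain {domain} imitates a corporate domain")
    if "reply_to" in msg:
        reply_domain = parseaddr(msg["reply_to"])[1].rpartition("@")[2].lower()
        if reply_domain != domain:
            flags.append(f"Reply-To goes to {reply_domain}, not the sender's domain")
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if len(hits) >= 2:
        flags.append("pressure language: " + ", ".join(hits))
    return flags


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["from"], "->", screen_message(m) or "no flags")
```

The second sample trips all three checks at once; the third uses a free webmail address, which no lookalike test will catch, and is caught instead by the display-name and `Reply-To` checks. Word lists of this kind produce false positives on genuine urgent mail, so in practice the flags feed a warning banner or a review queue rather than an automatic block.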
Monitoring techniques
To detect possible CEO fraud attempts, companies are advised to implement monitoring techniques that cover all layers of the web.
Surface Web Monitoring
The surface web includes all websites accessible through conventional search engines. Monitoring tools track mentions of the organization, executive names, and other sensitive information on blogs, forums, and social media. They help identify potential attempts by cybercriminals to collect information.
Deep Web Monitoring
The deep web includes content not indexed by conventional search engines, such as databases, private forums, and password-protected websites. Specialized monitoring tools track suspicious activity on these sites. This includes searching for leaked information, such as login credentials, that cybercriminals could use to engineer a CEO fraud attack.
Dark Web Monitoring
The dark web is a part of the deep web that requires special software to access, such as Tor. Stolen information is commonly sold and shared there. Specialized monitoring tools track the sale of sensitive information, such as email credentials, financial data, and sensitive personal data. They provide an early warning that cybercriminals are collecting information for a potential attack.
Behavioral Analysis
Behavioral analysis tools help identify unusual activity in email accounts and financial systems. They detect anomalous behavior patterns, such as login attempts from unusual locations or unauthorized money transfers.
Regular Audits
Regular audits of financial transactions and electronic communications are essential to detect anomalies. Audits help identify suspicious activity and patterns and ensure that proper security procedures are in place and followed.
Relevant Examples of CEO Fraud
We learn about some of these attacks when they reach the media, but those are not all of them, as most companies try to keep such incidents out of the public eye for reputational reasons.
- Ubiquiti Networks (2015). The scammers used spoofed emails to trick employees of this tech company into making money transfers to bank accounts controlled by the criminals. The financial loss amounted to $46.7 million.
- FACC (2016). Austrian aerospace company FACC suffered a CEO fraud that resulted in a €50 million loss. The scammers posed as the CEO and emailed employees requesting money transfers for a purported acquisition.
- Crelan Bank (2016). The Belgian bank Crelan Bank was the victim of CEO fraud, which resulted in a loss of 70 million euros after the scammers deceived some employees by asking for different transfers.
- Zendal Pharmaceutical Group (2020). In Spain, in the midst of the pandemic, the group’s CFO transferred €9 million following an allegedly urgent and confidential order from the company’s CEO, whose email account had been compromised by a cybercriminal.
- Caritas Luxembourg (2024). Although it remains under investigation, Caritas Luxembourg’s financial collapse, caused by transfers of 61 million euros to 14 different bank accounts over five months, is blamed on a CEO fraud in which the scammers deceived the organization’s financial director.
Enthec helps you manage your organization’s threat exposure
Thanks to its Threat Exposure Management (TEM) solutions, Enthec allows the organization to monitor the different layers of the web to locate the leaked and exposed information available to anyone who wants to use it to design a CEO Fraud attack. This includes sensitive corporate information and the personal information of the CEO and senior executives so that the organization can neutralize its effects even before the attack is executed.
Contact us to learn more about how Enthec can help you avoid CEO fraud and other social engineering techniques and the costly financial impact that comes with them.