Your phone dings or your email client puts up an alert – a message from the CEO. This must be important. You open it, scan it quickly, and there is a note asking to transfer a sum of money. The next decision you make could potentially be costly.

What is a CEO fraud email?

A business email compromise scam, commonly referred to as a CEO fraud email, combines spear phishing, email spoofing, and social engineering to craft an extremely targeted email to someone in an organization, typically in finance. In many cases, the perpetrator pretends to be the CEO or another high-level individual in the organization. Messages like these typically slip past spam filters because they are not part of a mass-mailing campaign; they are targeted in nature and usually devoid of the typical junk mail traits.

A recent survey by the Association of Financial Professionals, which polled treasury and finance professionals, found that 77 percent of organizations experienced attempted or actual business email compromise scams in 2017.

The recently released 2018 Trustwave Global Security Report published an email thread showing a real CEO fraud operation in action. As you can see, the attackers keep their ruse convincing without straying into any conversation that would expose them as impostors.

The conversation reproduced here actually happened in November 2017 between a CEO scammer and the victim they successfully ripped off. Names and other identifying details have been changed:

From: John Smith
Sent: Monday, 13 November 2017 11:27 AM
To: Susan Brown
Subject: Urgent Attention

Are you available to handle an international payment this morning?
Have one pending, let me know when to send bank details.

Regards
John Smith
Sent from my iPhone

On Mon, Nov 13, 2017 at 1:33 AM,
Susan Brown wrote:

Hi John,
Sorry was caught up with a project – I’m here now – can I still help?

Susan Brown
Director


On Mon, Nov 13, 2017 at 4:29 PM,
John Smith wrote:

Can you still handle this right now? was very busy earlier.

Regards
John Smith
Sent from my iPhone


On Mon, Nov 13, 2017 at 6:01 AM,
Susan Brown wrote:

Hi John,
Just back – can do it for you now if that will help.

Susan Brown
Director


On Mon, Nov 13, 2017 at 5:48 PM,
John Smith wrote:

Yes it seem to be a very busy day. The amount is for $30,120 i am guessing it is very late already for the transfer or can you still get it done today?

Regards
John Smith
Sent from my iPhone


On Mon, Nov 13, 2017 at 6:50 AM,
Susan Brown wrote:

Hi John,
Is it set up ready to go in PC banking? I can’t see it there to authorise under international?
Cheers,

Susan Brown


On Mon, Nov 13, 2017 at 5:56 PM,
John Smith wrote:

Oh ok, please find a way around it, my day is really tied. Can i send you the bank details today still? Can the payment still go out?

Regards
John Smith


On Mon, Nov 13, 2017 at 6:58 AM,
Susan Brown wrote:

Hi John,
I can do my best but will do it from home tonight as have to leave the office now. Think they still go to 8 pm or so.
Send me all the details and I’ll try but usually Mary sets them up and we just authorise them. Will see what I can do – it’s no trouble as I know I can ask Mary from her home if necessary.
Leave it with us.

Regards
Susan Brown
Director


On Mon, Nov 13, 2017 at 7:02 AM,
John Smith wrote:

Ok then. Thanks
NAME: Acme
SORT CODE: 12341234
ACCOUNT: 123412341234
IBAN: ABCD123412341234123412341234
SWIFT ABC: ABCD1234
BANK: SOME BANK
ADDRESS: 3 Somewhere Place
Send me payment slip once it is completed.

Regards
John Smith
Sent from my iPhone


On Mon, Nov 13, 2017 at 7:14 AM,
John Smith wrote:

Please use this IBAN number for the account.
IBAN: ABCD12341234123412341234123412341
Ensure to send me the slip once its done. Thanks
N.B: confirm receipt of the new IBAN number.

Regards
John Smith

The Bad News

What happened next is that Susan sent the funds to the fraudster’s bank account. Once a wire transfer is made, the funds are moved on immediately, making the transfer impossible to stop.

Protect Yourself and your Organization

The most practical way to keep your company off the CEO fraud victim list is to educate individuals like Susan to be on the lookout for these scams: how to identify them and what to do if they believe someone is trying to deceive them. Raise a red flag if your organization does not normally do money transfers, or if it is unusual for the CEO to be asking for one, especially via email.

Organizations that routinely perform money transfers should implement additional verification requirements, such as a verbal confirmation from the requestor. In the example given, had a verification process been in place, Susan would have called the CEO and received confirmation only if this was, in fact, a legitimate request.

It is extremely important to note that the verification technique chosen should not rely on email. If the account sending you messages has been compromised, the perpetrator will simply answer your confirmation email themselves. It is recommended that the confirmation method be a phone call or text message, using contact details you already have on file rather than any supplied in the message.

The organization can also consider adopting an additional step of authentication (multi-factor authentication) for access to email accounts. Note, however, that this only helps in cases where the impersonator compromised an executive’s email account, not where the sender address was merely spoofed.
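The distinction above (a compromised executive mailbox versus a spoofed or look-alike sender) is one that a mail gateway or SOC triage script can surface automatically, so that messages matching the pattern in the thread are routed to out-of-band verification before anyone acts on them. The following is an added example written for this article, not code from Trustwave or powersolution.com; the executive roster, internal domain, addresses and the two sample messages are constructed placeholders, and the script assumes the receiving gateway stamps an Authentication-Results header (RFC 8601). It checks the signals the article describes: a known executive's display name on a foreign mailbox, a Reply-To that diverts replies, an external sender, failed sender authentication, and payment-pressure wording in the subject or body.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Hypothetical executive roster and internal domain (assumptions, not from the article).
INTERNAL_DOMAIN = "example-corp.com"
EXECUTIVES = {"john smith": "john.smith@example-corp.com"}

# Payment-pressure phrases of the kind seen in the thread (constructed list).
LURE_WORDS = re.compile(
    r"\b(urgent|right now|today still|asap|international payment|bank details|"
    r"iban|swift|sort code|payment slip|wire)\b", re.I)
# Failed mechanisms inside an Authentication-Results header (RFC 8601).
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none)\b", re.I)


def analyse(raw_message: str):
    """Return a list of (tag, detail) findings for one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""

    # 1. Display name of a known executive, but a different mailbox: spoofing or look-alike.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and addr != expected:
        findings.append(("display_name_impersonation", f"'{display}' sent from {addr}"))

    # 2. Reply-To pointing somewhere other than From: replies go to the attacker.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append(("reply_to_mismatch", f"From {addr} but Reply-To {reply_to}"))

    # 3. Sender outside the organisation's own domain.
    if sender_domain and sender_domain != INTERNAL_DOMAIN:
        findings.append(("external_sender", sender_domain))

    # 4. SPF/DKIM/DMARC failure recorded by the receiving gateway.
    auth = msg.get("Authentication-Results", "")
    fails = [f"{mech}={result}" for mech, result in AUTH_FAIL.findall(auth)]
    if fails:
        findings.append(("authentication_failure", ", ".join(fails)))

    # 5. Payment-pressure wording in subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    hits = sorted({h.lower() for h in LURE_WORDS.findall(text)})
    if hits:
        findings.append(("payment_lure", ", ".join(hits)))
    return findings


def is_suspicious(raw_message: str) -> bool:
    """True when the message should be held for out-of-band (phone) verification."""
    tags = {tag for tag, _ in analyse(raw_message)}
    identity_signals = {"display_name_impersonation", "reply_to_mismatch", "authentication_failure"}
    return bool(tags & identity_signals) or {"external_sender", "payment_lure"} <= tags


# Constructed sample: a lure in the style of the thread, sent from a look-alike mailbox.
SPOOFED_MESSAGE = "\n".join([
    "From: John Smith <john.smith.ceo@example.net>",
    "Reply-To: payments.desk@example.org",
    "To: Susan Brown <susan.brown@example-corp.com>",
    "Subject: Urgent Attention",
    "Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=example.net; dmarc=none",
    "",
    "Are you available to handle an international payment this morning?",
    "Have one pending, let me know when to send bank details.",
])

# Constructed sample: an ordinary internal message from the real executive mailbox.
LEGIT_MESSAGE = "\n".join([
    "From: John Smith <john.smith@example-corp.com>",
    "To: Susan Brown <susan.brown@example-corp.com>",
    "Subject: Board pack",
    "Authentication-Results: mx.example-corp.com; spf=pass; dkim=pass; dmarc=pass",
    "",
    "Can you send me the slides for Thursday's board meeting?",
])

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(name, "suspicious" if is_suspicious(raw) else "clean")
        for tag, detail in analyse(raw):
            print("  ", tag, "->", detail)
```

A held message is not a verdict; it is a prompt for the recipient to pick up the phone using a number already on file, which is the control the article recommends. Keyword matching alone would also catch legitimate payment requests, which is why the script only escalates wording when it coincides with an identity signal or an external sender.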

Copyright © 2018 powersolution.com. All rights reserved.