Our most recent white paper discusses email takeover, but it is becoming such a common email attack that we felt it necessary to touch on the subject again.
An evolving email attack called CEO Fraud or Business Email Compromise (BEC) is a growing problem. Cyber attackers take the time to research their targets and use tactics to trick their victim into doing something they shouldn’t.
How is it successful?
Because this tactic does not use attachments or malicious links, typical security technologies cannot catch it, which is why informing yourself and the people within your organization is that much more important.
To be successful, an attacker must first research the intended victim and the people the victim interacts with, for example the people within your office or organization. The attacker then creates an email disguised as coming from one of these people and tries to convince you that it is urgent you take the action stated in the email.
Common Scams
Wire transfer is a common way cyber attackers get a victim to send them money. In the email, they pressure their victim into transferring money by telling them there is an emergency and they must send it right away to a new account, when actually they are sending money to the criminal.
Another common scam attempts to access the tax information of a company's employees. This email is usually sent to someone within Human Resources and appears to be from a senior executive who urgently needs the tax information of all the employees. HR believes they are sending the requested information to the executive when they are really sending it to a cyber criminal.
How do you protect yourself?
Learn what to look for. Here are some of the most common clues:
– the message is short
– the signature says it was sent from a mobile device
– there is a strong sense of urgency, usually pressuring you to ignore company policies
– the email appears to be from a personal email address, not a work-related one
– the tone of the email is out of character for the person whom it is said to be from
– with respect to payments, the instructions differ from normal procedure
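Several of these clues can also be checked mechanically before a message reaches a person. The sketch below is an added example, not part of the original article: the company domain, staff names, keyword lists, word-count cutoff and threshold are all assumptions, and the "out of character" clue is left to the human reader.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration; none come from the article.
COMPANY_DOMAIN = "example.com"
KNOWN_STAFF = {"pat morgan"}  # display names an attacker might imitate
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)
MONEY_OR_TAX = re.compile(r"\b(wire|transfer|new account|tax information|w-2)\b", re.I)
MOBILE_SIG = re.compile(r"sent from my (iphone|ipad|android|mobile)", re.I)

def bec_clues(raw):
    """Return the clues from the list above that a raw message matches."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    clues = []
    if len(body.split()) < 60:  # assumed cutoff for "short"
        clues.append("short message")
    if MOBILE_SIG.search(body):
        clues.append("mobile signature")
    if URGENCY.search(body):
        clues.append("urgency")
    if name.lower() in KNOWN_STAFF and domain != COMPANY_DOMAIN:
        clues.append("colleague's name on a non-work address")
    if MONEY_OR_TAX.search(body):
        clues.append("payment or tax-data request")
    return clues

def needs_review(raw, threshold=3):
    """Hold the message for a human check when enough clues stack up."""
    return len(bec_clues(raw)) >= threshold

# Constructed sample messages (not real mail).
SAMPLE_BEC = (
    "From: Pat Morgan <pat.morgan.ceo@gmail.com>\n"
    "Subject: Payment\n\n"
    "I need you to wire $18,400 to a new account right away.\n\n"
    "Sent from my iPhone\n"
)
SAMPLE_OK = (
    "From: Pat Morgan <pat.morgan@example.com>\n"
    "Subject: Q3 invoice\n\n"
    "The Q3 invoice summary is on the shared drive for Thursday's meeting.\n"
)
```

A single clue, such as a short message, is normal in everyday mail, which is why the sketch only flags a message when several clues appear together.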
If you are suspicious of an email, do not reply to the sender but report it to your supervisor immediately. If a transfer has already been made, alert the bank, then law enforcement.