“URGENT TRANSFER OF FUNDS REQUIRED”, reads the subject line of a new e-mail in the top spot of your mail client. It appears your CEO/Managing Director desperately needs your help with something. You boot up your laptop again to quickly help out. Luckily, it’s only a 5-minute job; you save your CEO’s bacon like the financial hero you are and can continue with your evening.
What you didn’t realise was that the entire e-mail and situation was cleverly fabricated in the best way to have you transfer funds to a criminal bank account. Your organisation is now the latest victim of CEO Fraud, a special type of Spear Phishing attack in which your CEO or another senior employee is impersonated by criminals to quickly gain access to funds or sensitive information.
CEO fraud is on the rise and affects all organisations, regardless of size or sector
CEO Fraud or Whaling attacks are focused towards senior employees within organisations as they are seen as ‘high-value targets’ with direct links to the data, funds or administrative systems and applications that cybercriminals dream of accessing. The stakes are a lot higher in a Whaling attack and as a result, they are usually carefully crafted and difficult to spot.
Let’s take a look at CEO fraud in action…
In the attack above, ‘Dianne’ is the Financial Controller (the victim) and ‘Dan’ is the cybercriminal impersonating the Managing Director.
The timing of this particular attack is the key to its success. At this point in the day, you are likely to be switching off from work, meaning that your vigilance towards suspicious e-mails is typically lowered. It is also just out of hours but leaves enough time for you to quickly see to the actions required, with the criminal well-aware that you will be looking forward to starting your evening. Ultimately, the attack has been sculpted around the hope of you skimming past the details and just getting it done.
There are red flags within the e-mail though that can indicate that this is phishing.
Firstly, let’s take a look at the sender address. We can see that the domain of the organisation that you work for is being spoofed, with a triple ‘r’ in the word ‘arrow’. This isn’t really Dan, your Managing Director.
Secondly, any urgent request should raise suspicions. It would be correct to pause, read through the e-mail and think before you take any action.
There is an attachment in this e-mail, however, this is completely clean and would not be blocked by any e-mail security. The invoice looks completely plausible, however, the account details are linked to a criminal account.
In this case, you should call the real ‘Dan’ to check that this is all legitimate before taking any action. Regardless of the urgency, it is always best to take a moment and be sure.
How can your organisation protect against CEO fraud?
CEO Fraud commonly consists of someone in senior management being impersonated, meaning that phishing e-mails are being sent around appearing from them.
Enabling Advanced Threat Protection within your e-mail security is the first step you can take to block attacks like this. ATP (Advanced Threat Protection) knows who the details of the true person and blocks impersonation attempts, minimising the risk of employees receiving e-mails like this.
Security technology is essential for all organisations but is not a silver bullet. With attacks constantly evolving, the most effective way to protect your organisation against targeted attacks like CEO Fraud or Whaling is by regularly training employees on the latest cybersecurity threats and keeping them vigilant with ongoing phishing tests and remedial training.
CEO Fraud is a module within our Security Awareness Training and features in our bespoke Monthly Phishing testing, tailored around your organisation.