CEO Fraud: The latest email scam costing businesses billions

Picture this: you receive an email from your company chief executive informing you that a previously agreed deal is finalised and you are now required to perform the wire transfer. The email address and the information is credible. Why should you doubt it?

Except it isn’t really your boss. Despite coming directly from their email address, and without any signs of hacking, this is a scam technique mimicked across the world that has resulted in losses of at least $26bn (£21bn) in the last three years.

Although these scams seem rather unavoidable for their convincing style and methods, a massive takedown operation of global cyber-crime networks has begun, which saw the arrests of 281 suspected hackers across 10 different countries earlier this month.

While measures are being put in place to try to take down these cybercrime networks, Consider IT is here to give you some advice on how to spot these scams and on how you can avoid falling victim to them.

Firstly, everyone should be vigilant. Typically, scammers would aim for those at the top of the hierarchy of major companies – such as chief executive officers or chief finance officers – but now, more and more, criminals are reaching out to unsuspecting victims lower down the food chain.

A common tactic that’s employed is the manipulation of human resources departments. In these cases, we see hackers spoofing a victim’s email in order to contact HR to request that their wages be sent to a new bank account.

We’d advise that companies stay on high alert on Monday mornings. Knowing the way offices work, hackers try to rely on a sense of weekend ‘jetlag’, hoping that the backlog of emails that gathered over the weekend out of office will help their dodgy email go unnoticed. Due to the way spam filtering has evolved, many scammers will not bother spoofing the email address, and only change the ‘From’ name so it always worth looking at the actual email address the email has come from.

Similarly, a fake forward or reply has evolved as a new line of attack. Scammers simply start their subject with “Re:” or “Fwd:” to imply previous correspondence to trick victims into believing it’s legitimate. It obviously works, since researchers have found that fraud attempts of this sort have increased by more than 50% year-on-year.

Overall, as email spoofing is, in theory, a very simple technique in scamming, it is hard to suggest that it will be going away anytime soon. So, we at Consider IT would suggest that vigilance and awareness of these sorts of attacks is one of the best tools you can use to fight them.

Consider IT also offers a range of staff training programmes to ensure that your company is in the safest hands. Through our Cyber Essentials and Cyber Essentials Plus schemes, we offer easy solutions to sometimes complex problems. Our human touch puts your people at the heart of your tailor-made security plan that will not skimp on productivity. Our methods are proactive, rather than reactive, to infiltrate a hack before it happens, so you’re not left picking up the pieces when the damage is done.

Protect your data, your network, and your people by talking to our team today.