CEO Fraud Skyrockets 270%

The FBI has issued an alert warning of a dramatic 270% increase in CEO-fraud email scams.

This alarming global epidemic, otherwise known as “whaling,” involves attackers posing as a top company exec in order to trick employees into wiring funds to a scammer's bank account or releasing sensitive information, like W-2 tax forms. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney or trusted vendor,” the alert warns. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”

Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments. From October 2013 through February 2016, law enforcement received reports from 17,642 victims. Law enforcement globally has received complaints from victims in every US state and in at least 79 countries.

Rohyt Belani, CEO and co-founder of PhishMe, said that even cybersecurity companies aren’t immune. PhishMe’s VP of finance received this exact type of CEO-fraud email scam last year, where an email appeared to be from Belani, requesting a wire transfer. In that case, the effort failed.

Obviously, if employees are unsure of the legitimacy of a transfer request, they should contact IT and confirm it verbally, or otherwise outside of email, with that executive or vendor before proceeding.

Jonathan Sander, vice president at Lieberman Software, pointed out that leadership has a role to play too.

“There is a question of how much power employees have to cause damage, and there is also a question of how executives expect to be able to give directions,” he said. “In several of the cases where these fake CEO emails prompted employees to do the wrong thing, the first thing that occurred to me was that the employee should never have been able to simply email out so much data. The employee shouldn’t have been able to access that much data without some sort of oversight kicking in. The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it.”

Infosecurity:
