Online crime is on a steady rise and every sector is vulnerable to it. However, the corporate sector is at high risk because there is a constant threat of a data breach.
CEO Fraud is a recent cyber-attack that has taken a toll on the business sector. Also known as Business Email Compromise (BEC), it is an attack in which the attacker masks their real identity. Attackers often pose as the CEO or another senior executive of an organization and send emails to staff members. They generally ask for confidential information or push you to do something that should not otherwise be done.
Such attacks are launched after careful planning and research. Cyber-criminals often search the organization's website to gather information such as the physical location of the business, employee details, business partners, etc. They might also gather employee-specific data from sites such as LinkedIn, Facebook, Twitter, etc.
After a thorough study of the organization's structure and dynamics, they pick their targets, since specific employees are targeted with a specific goal. For example, they might target the accounts department if they seek money-related information, the HR department if they seek employee information, or the IT department to access database servers. After determining exactly what they want, they launch a phishing attack. A well-drafted email containing a malicious link is then sent to the selected people.
Emails in CEO fraud are crafted so realistically that it is often very hard for employees to detect that they are being tricked. Cyber-criminals might send you an email in the name of your CEO, a senior executive or a fellow employee, complete with the company's logo or seal. The text is written to create a sense of urgency so that the targeted victim, in a rush to reply, overlooks the flaws in the message and provides the information asked for in the email.
Following are the three different things that can happen:
- Wire Transfer: The attacker might send an email to an employee in the accounts department, posing as their boss, asking them to urgently transfer money to a particular account.
- Passwords: Passwords to important logins may be requested through email.
- Tax Fraud: A cyber-criminal might send a fake email asking for certain employee information in order to commit fraud.
- Attorney Impersonation: The attack might also be conducted by telephone. A cyber-criminal might email you posing as a senior official advising you to consult an attorney. Then he might impersonate an attorney and call you to discuss an urgent matter. They trick you into passing on confidential information by creating a sense of urgency.
How To Prevent A CEO Attack?
- If you come across a rogue or suspicious email, inform everyone in the company so that they are wary of it in future.
- Design policies and restrict data access to trusted employees only.
- Train employees on ways to identify phishing emails.
- Consider multifactor authentication.
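As an added illustration (not part of the original article), the Python sketch below checks a message for the traits described above: an executive's name on the sender line, urgent wording, and a request for a wire transfer, passwords or employee information. The company domain, executive names, phrase lists and sample messages are assumed placeholder values, and treating an outside sender domain as a warning sign is an assumption of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholder values for this sketch; replace with your own.
# The phrase lists are illustrative, not exhaustive.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I)
REQUESTS = {
    "wire transfer": re.compile(r"\b(wire|transfer|payment)\b", re.I),
    "passwords": re.compile(r"\b(password|credentials?|login)\b", re.I),
    "employee information": re.compile(r"\b(tax|payroll|employee (records?|information|details))\b", re.I),
}

def ceo_fraud_signals(raw_message):
    """Return the reasons a raw email resembles CEO fraud (empty list if none)."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    signals = []
    if display_name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        signals.append("executive name on an outside address")
    if URGENCY.search(text):
        signals.append("urgent wording")
    for label, pattern in REQUESTS.items():
        if pattern.search(text):
            signals.append(f"asks about {label}")
    return signals

# Constructed sample messages (not real mail)
SPOOFED = """From: Jane Doe <jane.doe@example.net>
Subject: Urgent request

Please wire the payment to the account below immediately.
"""
GENUINE = """From: Jane Doe <jane.doe@example.com>
Subject: Quarterly meeting

The quarterly meeting is moved to Thursday at 10am.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, ceo_fraud_signals(raw))
```

A message that trips more than one of these checks is a good candidate for verification through a second channel before anyone acts on it.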
For more information on IT security, call Centex Technologies at (254) 213-4740.