ITB - IT Solutions for the next generation

CEO Fraud – It's bigger than you think and we're all targets!

28th July 2017

We've all heard recently about Ransomware and the damage it's causing. However, as a professional security company, we're always on the lookout for the
next big thing and the next issue our customers need to watch out for.

Hackers tend to be lazy: if they can make more money by doing less work, they will. Developing a malicious Ransomware campaign takes time
(unless you go down the Ransomware-as-a-Service route), so while hackers have used Ransomware on numerous occasions to extort money from businesses,
they are always on the lookout for easier and more lucrative ways of doing so.

Enter CEO Fraud.

Unlike a Ransomware attack, CEO Fraud (also known as BEC, Business Email Compromise) can be launched in minutes. All it takes is a bit of research on
LinkedIn to gather information on the target and their business; once a spoof email has been put together, the attacker is almost ready to go, and it is
then just a case of choosing the right moment to send it.

Even though Ransomware is at the forefront of an organisation’s thinking, Cisco’s midyear report showed that it was actually CEO Fraud that netted hackers
five times more money than Ransomware over the past three years ($5.3 billion vs $1 billion).

ITB's own experience backs this research up: we have seen a large increase in this type of attack.

One of our customers, who recently suffered an attempted CEO Fraud attack, was happy to expand on what happened to them:

We were targeted by a spammer who harvested our distributor network email addresses and details from our website, sending them a forged email purporting to be from our CEO (name taken from Companies House/our corporate website) requesting payment for an outstanding invoice.


‘Morning Ben,

So when would you be making the payment currently owed as we would like to give you an alternative account to make the payment.

I can't take calls now so an email will be fine.

Sent from my iPhone’

Several of our distributors replied to the email address, and several more aware customers contacted us directly to query – leaving us with the embarrassing situation of having to advise all customers of the spam.

Although unsuccessful, this example highlights how easy it can be, with a bit of research, to launch a CEO Fraud attack. No damage was done in
a monetary sense, but the company's reputation did suffer.

Reputational damage is only one result of a successful attack; there are far more serious consequences, and organisations have lost millions in a single attack.
The knock-on effect, sadly, is that people lose their jobs and lawsuits are filed, leading to more misery.

According to research by ITB partner KnowBe4, in January 2016 FACC AG, an aerospace company based in Austria, lost $50.0 million to CEO Fraud, and the
CEO and CFO were subsequently fired. In May 2016 Pomeroy Investment Corp lost $495,000; the error wasn't noticed for 8 days, and by then the money was gone.
In a more recent example, in June 2017 Southern Oregon University lost $1.9 million to CEO Fraud; the outcome has yet to be published.

One of the simplest and most cost-effective ways to prevent this type of attack is training your employees on what to be aware of.

Some things for business users to look out for (especially those in Finance) are:

  • Fraudulent emails will almost always arrive when the CEO or other member of staff is out of the business (remember, although it is termed CEO Fraud,
    any member of staff who deals with finances or transacts payments can have their email spoofed)
  • There will always be a reason the person targeted cannot contact the CEO. The excuse may be that they're about to get on a flight or go into
    a meeting, etc.
  • The email will ask for money to be transferred immediately and will be worded in such a way that the target feels the request is an urgent,
    business-critical one
  • The hacker will ask for funds to be transferred directly into another, unrecognised account
  • If any of the above points are flagged up, take some time to analyse the email address the request came from
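As an added illustration of that checklist in code (this is not ITB's code or any vendor's product), the Python script below triages an inbound payment request the way a finance team's mail filter or analyst might: it parses the From and Reply-To headers, compares the sender against a small directory of impersonation-prone staff and the company's own domain, spots a lookalike domain, and searches the body for the urgency, "can't take calls" and "alternative account" phrasing described above. It generalises the article's point that any staff member who handles payments can be spoofed, not just the CEO. The company domain, executive directory and sample message are all constructed for the demonstration.

```python
"""Heuristic triage of a payment-request email for CEO-fraud / BEC indicators.

Added example, not ITB's code or any vendor's product. The domain, directory
and sample message below are constructed for the demonstration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: our own domain and the staff most likely to be impersonated.
COMPANY_DOMAIN = "example-corp.com"
STAFF_DIRECTORY = {
    "jane smith": "jane.smith@example-corp.com",  # CEO (constructed)
    "tom jones": "tom.jones@example-corp.com",    # CFO (constructed)
}

# Body phrases mirroring the article's red flags: urgency, an unreachable
# sender, and a request to pay into a different account.
URGENCY = [r"\burgent\b", r"\bimmediately\b", r"\bas soon as possible\b"]
UNREACHABLE = [r"can'?t take calls", r"in a meeting", r"about to (board|get on) a flight",
               r"email will be fine"]
ACCOUNT_CHANGE = [r"alternative account", r"new (bank )?account",
                  r"updated bank details", r"change (of|our) bank details"]


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch lookalike domains (one or two edits away)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_payment_request(raw_message: str) -> dict:
    """Return the BEC indicators found in an RFC 5322 message and a simple score."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    body = msg.get_payload(decode=True)
    text = (body.decode("utf-8", errors="replace") if body else "").lower()
    reasons = []

    # 1. A known member of staff's name on an address that is not their real one.
    known = STAFF_DIRECTORY.get(display.strip().lower())
    if known and from_addr.lower() != known:
        reasons.append(f"display name '{display}' used with unexpected address {from_addr}")

    # 2. Replies quietly redirected to another domain.
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_to)} differs from From domain {from_domain}")

    # 3. Sender domain is a near-miss of our own domain.
    if from_domain and from_domain != COMPANY_DOMAIN \
            and _edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        reasons.append(f"sender domain {from_domain} is a lookalike of {COMPANY_DOMAIN}")

    # 4. Content patterns from the checklist.
    for label, patterns in (("urgency", URGENCY), ("sender unreachable", UNREACHABLE),
                            ("request to pay a different account", ACCOUNT_CHANGE)):
        if any(re.search(p, text) for p in patterns):
            reasons.append(label)

    score = len(reasons)
    action = "verify by phone on a known number before paying" if score >= 2 else "no BEC indicators"
    return {"score": score, "reasons": reasons, "action": action}


# Constructed sample modelled on the spoof email quoted in the article.
SAMPLE_MESSAGE = """\
From: Jane Smith <jane.smith@examp1e-corp.com>
Reply-To: jane.smith.ceo@freemail.example
To: accounts@distributor.example
Subject: Outstanding invoice

Morning Ben,

So when would you be making the payment currently owed as we would like to give you an alternative account to make the payment.

I can't take calls now so an email will be fine.

Sent from my iPhone
"""

if __name__ == "__main__":
    for reason in assess_payment_request(SAMPLE_MESSAGE)["reasons"]:
        print("-", reason)
```

Run against the sample, the script reports five indicators (spoofed display name, mismatched Reply-To, lookalike domain, an unreachable sender and a request for an alternative account) and recommends out-of-band verification; a routine internal email from the real address with none of that phrasing scores zero. The score threshold and phrase lists are deliberately simple so a finance team can tune them to the wording their own suppliers actually use.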

The most targeted department, for obvious reasons, is Finance. However, there have been cases of hackers targeting other departments, such as IT, HR and
Executive teams, in order to extract data (which can be sold on) rather than money.

Technology can also be implemented to mitigate the risk of CEO fraud. We are finding that with advancements in Artificial Intelligence and Machine Learning,
vendors are launching products that offer real-time Spear Phishing and Cyber Fraud defence.

We have recently seen products that integrate with Office 365 and learn each organisation's unique communication patterns. This messaging intelligence allows
the technology to identify anomalies and stop these attacks with zero impact on network performance.

We strongly feel that a combination of technology coupled with constant and sustained training will beef up your defences and offer 24/7 protection against
CEO Fraud.

To learn more about CEO Fraud and how ITB can help to protect your organisation contact us on 01865 595510.