What is CEO fraud?

Home » phishing » What is CEO fraud?

 

CEO fraud is a phenomenon that has been circulating for a number of years at large institutions, but now also affects small companies and associations. With CEO fraud, a cybercriminal assumes the identity of the CEO in order to make payment requests to the executive secretary, the CFO or other persons within the company with payment authority. In this way, criminals can send very large amounts of money to foreign accounts.

How does CEO fraud work?

In order to successfully commit CEO fraud, the hacker or cyber-criminal will first have to investigate how companies and employees communicate with each other. It is important that he understands how employees greet each other, what kind of emails are sent back and forth, and what the policy is before payment is made.

In addition, the criminal can also monitor social media profiles. In the past, he has often sent multiple emails to the company to find out who decides which payments to make and how the emails are structured or articulated.

As a company, how can you prevent CEO fraud?

If you want to protect your company or association from CEO fraud, there are a few steps you can take.

1. When the CEO sends a payment request, it is a good idea to call the CEO or entrepreneur for confirmation or to make the payment on his or her desk.
2. You should always check the sender of the email. The sender may contain important hints as the CEO’s name may be misspelled or may come from a Gmail or other free email address.
3. If you receive a payment request from another company, please call to confirm the request. Please use the phone number you have on file – and NOT the phone number in the email.
4. As a company, it is important that your company has certain procedures for payments. It can be difficult for criminals to follow these procedures.
5. Provide an extra layer of protection at your bank. Let your bank know what kind of transactions can be considered normal for your company or business. In this way, artificial intelligence can use machine learning to mark certain payments as unusual or suspicious so that they can be stopped. For example, if your company never transfers money abroad, your bank may block payment to a foreign account. If the payment is known, all you have to do is call your bank and the payment can be made without any problems.

What if you are the victim of CEO fraud?

If you are lucky and can get there quickly, you can contact your bank and stop the payment. If you wait too long, it is possible that you have lost your money because you cannot hold anyone liable. It is therefore important that you call your bank’s fraud number.
But as with many cybersecurity problems, prevention is much better than cure.

Contact

Interested in planning a security awareness session for your management or staff? Or are you curious about how you can increase awareness for your organization? Then please contact us using the form below. We will be happy to answer all your questions.

Click on the Proactive Cybersecurity Service(s) you are looking for * Ethical Hacking Pentest Security Awareness Social Engineering Test Vulnerability Test Phishing - Smishing Test Hacker Detection Kit Select the desired Ethical Hacking Pentest External Pentest (Black) Internal Pentest (White) Pentest notified (Grey) Red Team Pentest Web Application Pentest Mobile Apps Pentest Physical Pentest Cloud Pentest WiFi Pentest Hands-on Pentest API Pentest IoT Pentest Select the desired Security Awareness Action Awareness Session(s) Anti Phishing Training Escape Room Truck Awareness Elearning Awareness Speech Awareness Game Select the desired Social Engineering Test Mystery Guest Test Email Phishing Test Phone Phishing Test USB-drop Test SMS Phishing Test CV-portal Test Select the desired Phishing Test Email Phishing Test Spear Phishing Test SMS Phishing Test CV-portal Phishing Test Select the desired HDK Component Hacker Detection Hacker Tracker 14-day Trial Version Select the desired Vulnerability Test ActiveScan ProReporter PassiveScan ProReporter Name * Company/Organisation * Number of employees * E-mail * Phone * Message GDPR Agreement * I consent to having this website store my submitted information so they can respond to my inquiry Submit