Email Security Blog

Why CEO Fraud is a Growing Concern

CEO impersonation. For some, it’s a career-ending impression of the boss performed to get a laugh at the company holiday party.  But to those of us in the world of cybersecurity, CEO impersonation is anything but funny.

What is CEO impersonation?

Commonly known as C-Suite impersonation, CEO fraud, or the more popular term, Business Email Compromise (BEC), this form of cybercrime is growing in popularity…and complexity.  In short, Business Email Compromise is a form of cyber-enabled financial fraud.  With this type of cybercrime, the hacker impersonates a high-level executive in order to trick a subordinate employee into parting with company funds – usually in the form of transferring money or paying a fictitious invoice.

Why is Business Email Compromise such a popular form of cybercrime? 

The answer is simple.  Business Email Compromise has the potential to generate large amounts of money in a short amount of time.   Consider the case of the Italian engineering firm, Tecnimont spA.  Chinese hackers, posing as the company’s CEO, convinced the branch executive in India to transfer a total of $18.5 million to banks in Hong Kong for what he believed was an acquisition the company was making in China.  The money was withdrawn within minutes of being transferred.1 

Business Email Compromise has become a global threat, though in the United States companies of all types and sizes have reported losses.  From June of 2016 to May of 2018, there were more than 19 thousand complaints filed with the FBI’s Internet Crime Complaint Center (IC3) and recorded BEC losses in the U.S. totaled nearly $3 billion.2

In what ways is Business Email Compromise becoming more sophisticated?

Not only have the number of reported incidents risen over the years, but cybercriminals are becoming smarter in their endeavors. With the rise of social media, hackers take advantage of personal data to help them form relationships or build trust with intended victims.  In the corporate world, the personal data gleaned from LinkedIn or company websites helps ensure their attempts at CEO impersonation appear more legitimate. To make matters worse, cybercriminals are forming cybergangs in order to devise their most sophisticated schemes.  Cybergangs may be made up of lawyers, accountants, bankers, and other professionals who know the ins and outs of corporate money transfers.  Some cybergangs have even been known follow the online presence of their intended CEO victims for months at a time in order to learn as much as possible about their clients, partners, and even their habits.3

How do you combat CEO fraud?

When to comes to stopping Business Email Compromise, the first line of defense should be partnering with a strong email security service.  INKY delivers the industry’s leading anti-phishing software, which is your best defense in the fight against imposter emails and CEO fraud. Unlike most anti-phishing software, INKY doesn’t rely on examining URLs and sender addresses to stop phishing emails. INKY’s brand forgery detection software uses Computer Vision to detect company logos and determine from whom the email pretends to originate.

For those who don’t have email security software, keep in mind that you shouldn’t rely on email alone, especially when it comes to big, suspicious, or out-of-character transactions. Walk over to your CEO office and discuss the request face-to-face.  If you’re worried about looking silly, just imagine how you’ll look if something goes wrong.  The simple mention of potential cybercrime―or the suggestion of an email security solution―should make any CEO grateful to have a conscientious employee. 

----------------------

INKY® is the new solution in the war against phishing. An affordable, cloud-based email security program, INKY® can prevent even the most complex phishing threats from infecting, disrupting, and even immobilizing your organization’s network. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. Learn more or request an online demonstration today.

1Source: https://www.bankinfosecurity.com/bec-scam-leads-to-theft-186-million-fraud-a-11930

2Source: https://www.ic3.gov/media/2018/180712.aspx

3Source: https://www.infosecurity-magazine.com/opinions/cyber-gangs-smarter/