Email Security Blog

Company Phishing Attacks: Are You the Unknowing Accomplice?

It’s no secret that phishing attacks are on the rise – especially when it comes to CEO impersonation and Business Email Compromise. Email account compromises accounted for $1.8 billion in losses in 2020 and for most companies, there is not a clear resolution in sight.1

What is CEO impersonation?

CEO impersonation, also known as C-Suite impersonation, CEO fraud, or, more popularly, Business Email Compromise (BEC), is a form of cyber-enabled financial fraud. With this type of cybercrime, the hacker impersonates a high-level executive in order to trick a subordinate employee into parting with company funds – usually in the form of transferring money or paying a fictitious invoice.

Why is Business Email Compromise such a popular form of cybercrime?

The answer is simple. Business Email Compromise has the potential to generate large amounts of money in a short amount of time. Consider the case of the Italian engineering firm, Tecnimont spa. Chinese hackers, posing as the company’s CEO, convinced the branch executive in India to transfer a total of $18.5 million to banks in Hong Kong for what he believed was an acquisition the company was making in China. The money was withdrawn within minutes of being transferred.2

Are you setting yourself up for a Business Email Compromise attack?

Not only has the number of reported incidents risen over the years, but cybercriminals are becoming smarter in their endeavors. Sadly, some of the most sophisticated phishing attacks happen with the help of the victim.

Let’s say that one more time to make sure it sunk in. Some of the most sophisticated phishing attacks happen with the help of the victim. How? The answer lies in social media and a lack of protection.

Social media often sets the phishing scam in motion. It’s how attackers begin building a credible phishing threat. Hackers comb through LinkedIn and similar accounts to extract personal data. This information helps cybercriminals construct a phishing scam using the names and details of the target’s trusted relationships. The personal data gleaned from LinkedIn, Facebook, company websites, and similar sources helps ensure their attempts at CEO impersonation appear more accurate. With enough effort, it is easy to figure out reporting structures, familiar facts about a person, and even when executives might be going on vacation. All of that information can be wrapped into a phishing threat that is believable and effective. And, while you may not be able to stop a cybercriminal from figuring out all of this information, you need to know it happens every day.

To make matters worse, cybercriminals are forming cybergangs in order to devise their most sophisticated schemes. Cybergangs may be made up of lawyers, accountants, bankers, and other professionals who know the ins and outs of corporate money transfers. Some cybergangs have even been known to follow the online presence of their intended CEO victims for months at a time in order to learn as much as possible about their clients, partners, and even their habits.3

How do you combat these types of phishing attacks?

When it comes to stopping Business Email Compromise and similar socially driven phishing scams, it is important to establish some common-sense office protocols and educate employees.

One simple step is to encourage and welcome better communication. If an employee receives an email request from their boss directing them to issue a large sum of money, make a purchase that seems out of the ordinary, or even change a vendor’s banking information, office protocol should be to confirm that request in person. Everyone loves a conscientious employee, and simply walking over to the CEO’s office or mentioning the matter during a meeting could be the difference between being hacked and staying safe.

Also, be sure to make cybercrime a common point of discussion in the office. If employees understand the potential cybercrimes that could be put into motion, they’ll be more thoughtful when dealing with potential phishing emails.

That said, no employee can or should be expected to catch every potential malicious email that comes their way. That is why the strongest line of defense should be partnering with a respected and proven email security service. INKY delivers the industry’s leading anti-phishing software, which is your best defense in the fight against imposter emails and CEO fraud.

Immediately after installation, INKY begins to track users’ email behavior, establishing a social graph of sender profiles within days. INKY also uses stylometry technology to detect anomalies in potentially dangerous emails. INKY performs cluster analyses to decide if the set of attributes of any incoming email fits with the known sender profile. If something is amiss, INKY warns the user it may be an impersonation. Additionally, INKY’s brand forgery detection software uses computer vision to detect company logos and determine from whom the email claims to originate and whether it is legitimate.
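To make the idea of checking an incoming email against a known sender profile concrete, here is an added example; it is not INKY's code or algorithm. It substitutes two plain heuristics (a known display name arriving from an address never seen with it, and a Reply-To on a different domain than From) for the stylometry and cluster analysis described above, and every name, address and function in it is an assumption constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample mail; every name and address here is made up.
HISTORY = [
    "From: Dana Reyes <dana.reyes@example.com>\nSubject: Q3 forecast\n\nSee attached.",
    "From: Dana Reyes <dana.reyes@example.com>\nSubject: Board deck\n\nDraft is ready.",
    "From: Sam Okoro <sam.okoro@example.com>\nSubject: Invoice run\n\nDone.",
]
LEGIT = "From: Dana Reyes <dana.reyes@example.com>\nSubject: Lunch\n\nNoon?"
SPOOF = ("From: Dana  REYES <ceo.office@example.net>\n"
         "Reply-To: payments@example.org\n"
         "Subject: Urgent wire transfer\n\nPlease send today.")

def normalize(name):
    """Case-fold and collapse whitespace so 'Dana  REYES' matches 'Dana Reyes'."""
    return " ".join(name.lower().split())

def domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rsplit("@", 1)[-1].lower()

def build_profiles(history):
    """Map each display name to the set of addresses that have used it."""
    profiles = defaultdict(set)
    for raw in history:
        name, addr = parseaddr(message_from_string(raw).get("From", ""))
        if name and addr:
            profiles[normalize(name)].add(addr.lower())
    return profiles

def check_message(raw, profiles):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    known = profiles.get(normalize(name))
    # A never-seen display name has no profile yet, so it is not flagged here.
    if known and addr.lower() not in known:
        findings.append("display-name-mismatch")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        findings.append("reply-to-domain-differs")
    return findings

PROFILES = build_profiles(HISTORY)
if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, check_message(raw, PROFILES))
```
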

Don’t waste another moment. The simplest step you can take to protect your company is to see the technology in action by scheduling a free demonstration of INKY’s uniquely amazing phish-fighting capabilities. INKY has the innovation and expertise to fight phishing in the office, at home, and on any mobile device. Schedule a free demonstration today


INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.