CEO impersonation. For some, it involves getting a laugh by dressing like the boss on their birthday. However, in the world of cybersecurity, CEO impersonation is anything but funny.
What is CEO Impersonation?
Commonly known as C-Suite impersonation, CEO fraud, or the more popular term, Business Email Compromise (BEC), this form of cybercrime is growing in popularity…and complexity. In short, Business Email Compromise is a form of cyber-enabled financial fraud. With this type of cybercrime, the hacker impersonates a high-level executive in order to trick a subordinate employee into parting with company funds – usually in the form of transferring money or paying a fictitious invoice.
Why is Business Email Compromise such a popular form of cybercrime?
The answer is simple. Business Email Compromise has the potential to generate large amounts of money in a short amount of time. Consider the case of the Italian engineering firm, Tecnimont SpA. Chinese hackers, posing as the company’s CEO, convinced the branch executive in India to transfer a total of $18.5 million to banks in Hong Kong for what he believed was an acquisition the company was making in China. The money was withdrawn by the criminals within minutes of being transferred. [1]
Business Email Compromise has become a global threat, and in the United States companies of all types and sizes have reported losses. During a three-year period, from 2019 to 2021, there were more than 63,000 complaints filed with the FBI’s Internet Crime Complaint Center (IC3) and recorded BEC losses in the U.S. totaled more than $6 billion. [2]
In what ways is Business Email Compromise becoming more sophisticated?
Not only has the number of reported incidents risen over the years, but cybercriminals are becoming smarter in their endeavours. With the rise of social media, hackers take advantage of personal data to help them form relationships or build trust with intended victims. In the corporate world, the personal data gleaned from LinkedIn or company websites helps ensure their attempts at CEO impersonation appear more legitimate. According to the FBI, in 2021 fraudsters even began using virtual meeting platforms to initiate fraudulent wire transfers. As an example, a hacker posts a photo of a company executive during a virtual meeting and appears to be on the call with their camera turned off. From there, they craft a story and ask employees to be on the lookout for an email they’ll be sending with wire transfer instructions. These fraudulent wire transfers are often immediately moved to cryptocurrency wallets and quickly dispersed before the theft is realized. [2]
To make matters worse, cybercriminals have been known to form cybergangs in order to devise their most sophisticated schemes. Cybergangs may be made up of lawyers, accountants, bankers, and other professionals who know the ins and outs of corporate money transfers. Some cybergangs have even been known to follow the online presence of their intended CEO victims for months at a time in order to learn as much as possible about their clients, partners, and even their habits. [3]
How do you combat CEO fraud?
When it comes to stopping Business Email Compromise, the first line of defense should be partnering with a strong email security service. INKY delivers the industry’s leading anti-phishing software, which is your best defense in the fight against imposter emails and CEO fraud. Unlike most anti-phishing software, INKY doesn’t rely on examining URLs and sender addresses to stop phishing emails. Instead, INKY uses a combination of sophisticated approaches to keep you safe from Business Email Compromise attempts.
- SOCIAL GRAPHING: Immediately after installation, INKY begins tracking who sends and receives emails to whom and creates a social graph.
- STYLOMETRY: Your word choices, sentence structure, and even the breadth of your vocabulary are all indicators of who is writing what. INKY establishes a profile for what an email from a particular sender should look like and she gets to know her users so that she can keep an eye out for anyone trying to impersonate them.
- COMPUTER VISION: INKY’s brand forgery detection software uses Computer Vision to detect company logos and determine from whom the email pretends to originate.
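A minimal sketch of the social-graph idea from the list above, added here as an illustration and not INKY's implementation: it learns who mails whom from a constructed history, then flags an inbound message whose display name matches a known sender while its address does not. All names, addresses, and function names are assumptions made for the example.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed sample history of (From header, recipient) pairs; every name
# and domain here is made up for this example.
HISTORY = [
    ('"Dana Reyes" <dana.reyes@example.com>', "pat@example.com"),
    ('"Dana Reyes" <dana.reyes@example.com>', "lee@example.com"),
    ('"Lee Ito" <lee@example.com>', "pat@example.com"),
    ('"Acme Billing" <billing@vendor.example>', "pat@example.com"),
]


def norm_name(name):
    """Case-fold and collapse whitespace so 'DANA  REYES' matches 'Dana Reyes'."""
    return " ".join(name.casefold().split())


def build_graph(history):
    """Return (edges, names): who has mailed whom, and addresses seen per display name."""
    edges = defaultdict(set)  # recipient -> sender addresses seen before
    names = defaultdict(set)  # display name -> addresses that have used it
    for from_header, rcpt in history:
        name, addr = parseaddr(from_header)
        addr = addr.lower()
        edges[rcpt.lower()].add(addr)
        if name:
            names[norm_name(name)].add(addr)
    return edges, names


def assess(from_header, rcpt, edges, names):
    """Return a list of warning labels for one inbound message."""
    name, addr = parseaddr(from_header)
    addr, rcpt = addr.lower(), rcpt.lower()
    warnings = []
    known = names.get(norm_name(name), set()) if name else set()
    # A familiar display name arriving from an address never tied to it.
    if known and addr not in known:
        warnings.append("display-name-mismatch")
    # No prior edge from this sender to this recipient in the graph.
    if addr not in edges.get(rcpt, set()):
        warnings.append("first-time-sender")
    return warnings


EDGES, NAMES = build_graph(HISTORY)
```

Either label on a payment or wire request is a cue to confirm the request through a second channel before acting on it.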
For those who don’t have email security software, keep in mind that you shouldn’t rely on email alone, especially when it comes to big, suspicious, or out-of-character transactions. If you’re back in the office, walk over to your CEO's office and discuss the request face-to-face. If that’s not an option, try calling their cell phone. If you’re worried about looking silly, just imagine how you’ll look if something goes wrong. The simple mention of potential cybercrime―or the suggestion of an email security solution―should make any CEO grateful to have a conscientious employee.
INKY helps companies secure email using a cloud-based security platform that proactively and instantly scans inbound, internal, and outbound emails to eliminate all types of phishing emails, including Business Email Compromise attempts. Learn more about what INKY can do for your company and schedule a free demonstration today.
This blog was updated in May 2022.