Duping Your Business is Surprisingly Easy
The CEO Fraud email scam is a remarkably simple cyber threat. It can result in sudden and significant losses to your business.
The attacker researches the staff hierarchy. Often the About Us page on your website provides them with the names and responsibilities of key staff. They then craft an email to the Financial Controller or CFO, asking them to transfer funds. The email appears to come from a senior person within the company, such as the MD or CEO.
And it's as simple as that.
This email scam relies on the Financial Controller being busy, unaware of such scams and convinced by the nature of the email.
That Email Scam Would Never Happen to Me
You might think that you wouldn’t fall for such an obvious scam. Consider this:
- The FBI reported that since 2015 they have seen a 270% increase in identified victims.
- The average loss is between $25k and $75k but some have cost millions.
- Reported losses over the last 3 years total over $2.3 billion.
Of course, some scams are more sophisticated than others but this week one of our customers transferred £27k to an unknown account. A series of short emails, appearing to be from a senior member of staff, caught the financial controller unaware. Fortunately, the mistake was realised quickly and the funds were recalled by the bank.
The key to preventing this type of attack is to make sure that your staff are aware. It won’t stop the emails but it will greatly reduce the chance of such a scam succeeding.
You need to make sure that your business has fundamental security measures in place. After that, ongoing education is considered to be the most effective defence against cyber breaches.