Present Blog-IT thought leadership in Canada

How to Avoid Falling Victim to CEO Fraud Phishing Attacks

Written by present | Mar 28, 2023 4:42:23 PM

Are you aware that cybercriminals are increasingly targeting businesses with CEO fraud, leading to significant financial losses across industries?

In fact, global businesses lost over $43 billion to CEO fraud from July 2019 to December 2021, according to the FBI. Read on to learn about CEO fraud and the simple steps you can take to protect your organization.



First things first, what exactly is CEO fraud?

A CEO scam, also called Business Email Compromise (BEC), involves a cybercriminal impersonating a company’s CEO or a high-ranking executive and using this false identity to trick employees into sending sensitive information or money.

Let’s take an example. 

An employee comes to work on a Tuesday morning and finds an email in their inbox that seems to have been sent by the company’s CEO. The email requests that they transfer a significant amount of money to a specific bank account as soon as possible. The CEO explains that the money is needed for a confidential company acquisition and stresses that the transaction is urgent.

The cybercriminal created a fake email address that closely resembles the CEO’s legitimate email address. Naturally, the recipient doesn’t know that the email is, in fact, a fraudulent message.

The employee believes that the message is genuine, follows the instructions, and transfers the money to the specified bank account.

The company just fell victim to a CEO scam!



4 Tips To Prevent CEO Fraud

  • Educate your employees on the risks - This is the number one way to mitigate fraud risk, including CEO scams, in your company: 
    • Regularly train your employees on how to recognize and report suspicious emails, especially those that come from high-level executives. Warning signs include:
      • Payment requests with new or amended bank details.
      • Urgent requests for money transfers or invoice payments.
      • The use of urgent language, in general.
      • Slightly different email addresses.

  • Implement a strong risk management policy:  
    • In addition to training employees specifically to detect CEO scams, establishing a security protocol is a must these days, no matter the size of your business. Some of the things you could incorporate in the company’s security policy include the following:

      • Asking employees to never open emails or links sent from an unknown source.
      • Asking employees to regularly change their passwords.
      • Requesting that employees never use a USB drive on office computers.

  • Implement strong authentication protocols:
    • Tools such as email filters and multi-factor authentication (MFA), together with close management and monitoring of employees’ access and permission levels, can provide additional protection against cybercriminals.
  • Work with cybersecurity professionals: 
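
The warning signs listed under the first tip, and the email filters mentioned under the third, can be turned into a simple automated check on incoming mail. The Python sketch below is an added example, not code from Present or from the original post; the trusted domain, executive name, keyword lists and sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed values for illustration only: replace with your own domain and names.
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVES = {"jane doe"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|today|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|updated|changed|amended)\b.{0,40}\b(bank|account|iban)\b", re.I)

def lookalike(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def bec_flags(from_header, subject, body):
    """List the CEO-fraud warning signs present in one message."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    text = f"{subject}\n{body}"
    flags = []
    if lookalike(domain):                      # slightly different email address
        flags.append("lookalike-domain")
    if name.lower() in EXECUTIVES and domain not in TRUSTED_DOMAINS:
        flags.append("executive-name-external-sender")
    if URGENCY.search(text) and PAYMENT.search(text):   # urgent money request
        flags.append("urgent-payment-request")
    if BANK_CHANGE.search(text):               # new or amended bank details
        flags.append("bank-details-change")
    return flags

# Constructed sample messages (not real mail).
SAMPLES = [
    ("Jane Doe <jane.doe@examp1e.com>", "Urgent wire transfer",
     "I need you to transfer $48,000 today for a confidential acquisition. "
     "Use the new bank account below."),
    ("Jane Doe <jane.doe@example.com>", "Q3 planning", "Agenda attached for Thursday."),
    ("Accounts <billing@partner.org>", "Invoice 1042",
     "Please note our updated account details for future payments."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", bec_flags(sender, subject, body) or "no flags")
```

A message that raises any flag is best routed to a human for verification through a separate channel, such as a phone call to a known number, before any payment is made.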

Conclusion

CEO fraud or BEC scams are a serious threat to Canadian businesses. Cybercriminals are becoming increasingly sophisticated in their methods, making it more challenging to detect and prevent these types of attacks. However, by implementing a strong risk management policy, educating employees, implementing strong authentication protocols, and working with cybersecurity professionals, businesses can significantly reduce their risk of falling victim to a CEO scam. Remember, prevention is always better than cure, and it's crucial to take the necessary measures to protect your organization and its sensitive information. By staying vigilant and proactive, businesses can avoid the financial and reputational damages associated with CEO fraud.
  

At Present, we are on a mission to help our clients identify vulnerabilities, strengthen their cybersecurity and ensure their corporate data and sensitive information are safe.

So, don’t hesitate to contact us to learn more about our services and how we can help.

Don't wait until it's too late!