CEO Fraud and its easy prevention

CEO fraud, also known as Business Email Compromise (BEC) or CEO phishing fraud, is a common scam in which cybercriminals spoof company email accounts and impersonate executives to trick the company's accountants or HR employees into executing unauthorized financial transfers or sending out sensitive information on an urgent basis. It has been around for quite some time, targeting both consumers and businesses, and these attacks are hard for employees to spot.

There are a few techniques that can help your organization defend against CEO fraud:

  • Conduct employee cyber security awareness checks regularly.

 o Security is everyone's responsibility. Everyone, regardless of department or role, must understand what a CEO fraud attempt looks like and be able to recognise its red flags.

  • Understand the red flags of a CEO fraud attack:

  1. The absence of spelling errors. Earlier scam emails were riddled with them; today's are usually well written.
  2. The personal touches: the fraudster's familiar tone, references to the victim working from home, and a casual email sign-off.
  3. Fraudsters collaborate and go to great lengths to reconnoitre and research their subjects and targets, either by snooping or by using publicly available information.
  4. The sender's email address: a fraudulent domain name that looks strikingly similar to the genuine one, which is especially hard to spot on a mobile screen.
  5. The sense of urgency: the subject line, an ongoing meeting, a late invoice. Creating a sense of urgency is near-universal in social engineering attacks.
  6. The authoritative tone: "Please pay immediately". There is a reason cybercriminals impersonate CEOs: they are powerful, and employees tend to act on their instructions.
  7. Playing on the target's trust: "I'm counting on you". Everyone wants to be chosen to do the boss a favour.
  8. The mention of "new account details": a CEO scam normally involves a money transfer to a new account, which is controlled by the cybercriminal.

Humans are often led by emotions and are not good at spotting the small giveaways that reveal a fraudulent email. Pressure situations make people panic, which leads to poor decisions. Beyond cyber-security training, every organization should take a holistic approach to cybersecurity that minimizes the risk of serious fallout from an attack. Here are some important security measures that will help protect your company's assets and data from CEO fraud attacks:

  1. Put a system in place so employees can verify large and non-routine wire transfers, ideally by phone.
  2. Protect corporate email accounts and devices using multi-factor authentication (MFA).
  3. Ensure employees maintain strong passwords and change them regularly.
  4. Register domains that are similar to your company's brand name to prevent domain impersonation.
  5. Closely monitor financial accounts for irregularities such as missing deposits.
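
As an added, illustrative example (not code from this post or from Leonis Consultancy), the Python script below screens inbound messages for the red flags listed above, chiefly the look-alike sender domain (red flag 4), urgency language (red flag 5) and a request to pay into "new account details" (red flag 8), and decides whether the request must be confirmed by phone before anyone acts on it (measure 1). The company domain, the executive name and the four sample messages are constructed for the example; the keyword patterns and the two-edit threshold are assumptions that a real deployment would tune to its own mail.

```python
import re
import unicodedata
from dataclasses import dataclass, field

# Constructed for this example: the genuine company domain and the executives
# whose names are most likely to be impersonated.
COMPANY_DOMAIN = "leonis-example.com"
EXECUTIVES = {"Priya Raman"}

# Substitutions fraudsters use to make a registered look-alike resemble the real domain.
HOMOGLYPH_SUBS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l"))

# Assumed keyword patterns for red flags 5 and 8; tune these to your own mail.
URGENCY_RE = re.compile(r"\b(urgent(?:ly)?|immediately|asap|right away|before (?:end|close) of (?:day|business))\b", re.I)
NEW_ACCOUNT_RE = re.compile(r"\b(new|updated|changed)\s+(?:bank\s+)?account(?:\s+details)?\b", re.I)
PAYMENT_RE = re.compile(r"\b(wire|transfer|pay(?:ment)?|invoice)\b", re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from 'Display Name <user@domain>' or a bare address."""
    m = re.search(r"<([^>]+)>", address)
    addr = m.group(1) if m else address
    return addr.rsplit("@", 1)[-1].strip().lower()


def normalize_domain(domain: str) -> str:
    """Fold look-alike spellings so 'rn' reads as 'm', '0' as 'o', and so on."""
    d = unicodedata.normalize("NFKC", domain.lower())
    for fake, real in HOMOGLYPH_SUBS:
        d = d.replace(fake, real)
    return d


def domain_findings(domain: str, genuine: str = COMPANY_DOMAIN) -> list[str]:
    """Red flag 4: a sender domain that merely looks like the genuine one."""
    findings = []
    if domain == genuine:
        return findings
    if any(ord(ch) > 127 for ch in domain):
        findings.append("non-ASCII characters in sender domain")
    norm = normalize_domain(domain)
    if norm == genuine:
        findings.append(f"homoglyph look-alike of {genuine}: {domain}")
    elif levenshtein(norm, genuine) <= 2:
        findings.append(f"sender domain {domain} is within 2 edits of {genuine}")
    return findings


@dataclass
class Assessment:
    subject: str
    identity_flags: list[str] = field(default_factory=list)  # who the mail claims to be from
    content_flags: list[str] = field(default_factory=list)   # what the mail asks for
    mentions_payment: bool = False

    @property
    def verify_out_of_band(self) -> bool:
        # Measure 1 from the post: pick up the phone when the sender is suspect,
        # or when a payment request carries any red flag at all.
        return bool(self.identity_flags) or (self.mentions_payment and bool(self.content_flags))


def assess(message: dict) -> Assessment:
    """Score one inbound message against the red flags described in the post."""
    a = Assessment(subject=message["subject"])
    text = f"{message['subject']}\n{message['body']}"
    domain = sender_domain(message["from"])
    a.identity_flags.extend(domain_findings(domain))
    display = message["from"].split("<")[0].strip().strip('"')
    if display in EXECUTIVES and domain != COMPANY_DOMAIN:
        a.identity_flags.append(f"executive name '{display}' used from external domain {domain}")
    a.mentions_payment = PAYMENT_RE.search(text) is not None
    if URGENCY_RE.search(text):
        a.content_flags.append("urgency language")                              # red flag 5
    if a.mentions_payment and NEW_ACCOUNT_RE.search(text):
        a.content_flags.append("payment redirected to new account details")     # red flag 8
    return a


# Constructed sample messages: one routine mail, two executive impersonations, one vendor bank change.
SAMPLE_MESSAGES = [
    {"from": "Finance Bot <invoices@leonis-example.com>", "subject": "Monthly invoice batch",
     "body": "Attached is the routine invoice batch for approval."},
    {"from": "Priya Raman <priya.raman@leonis-exarnple.com>", "subject": "Urgent wire transfer",
     "body": "I'm in a meeting and counting on you. Please pay the attached invoice immediately to our new account details below."},
    {"from": "Priya Raman <priya.raman@leonis-exmaple.com>", "subject": "Quick favour",
     "body": "Can you send me the staff payroll file today? I'm counting on you."},
    {"from": "Acme Supplies <billing@acme-supplies.example>", "subject": "Overdue invoice - please pay immediately",
     "body": "Please remit payment for invoice 4471 to our updated bank account details."},
]


def triage(messages: list[dict] = SAMPLE_MESSAGES) -> list[Assessment]:
    """Assess every message; callers act on .verify_out_of_band."""
    return [assess(m) for m in messages]


if __name__ == "__main__":
    for r in triage():
        status = "VERIFY BY PHONE" if r.verify_out_of_band else "ok"
        print(f"[{status}] {r.subject}: {r.identity_flags + r.content_flags}")
```

The look-alike check runs on the normalized domain, so "exarnple" is caught as a homoglyph of "example" and the transposed "exmaple" as a two-edit typo, while an unrelated vendor domain passes the domain test but still trips the payment-to-new-account rule. A script like this is a triage aid for a mailbox or SIEM, not a replacement for the phone call the post recommends.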
Join our cybersecurity webinars to learn to spot frauds with ease. Leonis Consultancy is here to help.

Leonis Consultancy LLP 2024