CEO Fraud Skyrockets 270%

The FBI has issued an alert, warning about a dramatic increase in CEO-fraud email scams: To the tune of a 270% increase.

This alarming global epidemic, otherwise known as “whaling,” involves attackers posing as a top company exec in order to trick employees into wiring funds to a scammer bank account—or releasing sensitive information, like W-2 tax forms. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney or trusted vendor,” the alert warns. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”

Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments. From October 2013 through February 2016, law enforcement received reports from 17,642 victims. Law enforcement globally has received complaints from victims in every US state and in at least 79 countries.

Rohyt Belani, CEO and co-founder of PhishMe, said that even cybersecurity companies aren’t immune. PhishMe’s VP of finance received this exact type of CEO-fraud email scam last year, where an email appeared to be from Belani, requesting a wire transfer. In that case, the effort failed.

Obviously, if employees are unsure of the legitimacy of a transfer request, they should contact IT and confirm verbally or outside of email with that executive or vendor for verification before proceeding.

Jonathan Sander, vice president at Lieberman Software, pointed out that leadership has a role to play too.

“There is a question of how much power employees have to cause damage, and there is also a question of how executives expect to be able to give directions,” he said. “In several of the cases where these fake CEO emails prompted employees to do the wrong thing, the first thing that occurred to me was that the employee should never have been able to simply email out so much data. The employee shouldn’t have been able to access that much data without some sort of oversight kicking in. The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it.”

Infosecurity:

« Russia Blamed For Swedish Air Traffic Hack
Chinese Whistleblower Sentenced To Death For Leaking State Secrets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

Virtustream

Virtustream

The Virtustream Enterprise Class Cloud provides a secure, highly available, Infrastructure as a Service (IaaS) to enterprises and government customers.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Relyum

Relyum

Relyum provides innovative solutions for networking, synchronization and cybersecurity in critical systems.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Accurics

Accurics

Accurics enables self-healing cloud native infrastructure by codifying security throughout your development lifecycle.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Harbor Networks

Harbor Networks

Harbor Networks is a communications systems integrator and managed services provider. We provide business consultation services for voice and data communication technology.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.