CEO Fraud Skyrockets 270%

The FBI has issued an alert warning of a dramatic rise in CEO-fraud email scams: a 270% increase.

This alarming global epidemic, otherwise known as “whaling,” involves attackers posing as a top company exec in order to trick employees into wiring funds to a scammer's bank account or releasing sensitive information, like W-2 tax forms. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney or trusted vendor,” the alert warns. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”

Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments. From October 2013 through February 2016, law enforcement received reports from 17,642 victims. Law enforcement globally has received complaints from victims in every US state and in at least 79 countries.

Rohyt Belani, CEO and co-founder of PhishMe, said that even cybersecurity companies aren’t immune. PhishMe’s VP of finance received this exact type of CEO-fraud email last year: a message that appeared to be from Belani, requesting a wire transfer. In that case, the effort failed.

Obviously, employees who are unsure of the legitimacy of a transfer request should contact IT and confirm it with that executive or vendor verbally, or otherwise outside of email, before proceeding.

Jonathan Sander, vice president at Lieberman Software, pointed out that leadership has a role to play too.

“There is a question of how much power employees have to cause damage, and there is also a question of how executives expect to be able to give directions,” he said. “In several of the cases where these fake CEO emails prompted employees to do the wrong thing, the first thing that occurred to me was that the employee should never have been able to simply email out so much data. The employee shouldn’t have been able to access that much data without some sort of oversight kicking in. The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it.”

Infosecurity:
