
How to prevent CEO-fraud with your digital footprint

by Sebastiaan Bosman Blog 21 Jul 2020

CEO-fraud is the most common form of cyber-crime to target businesses worldwide. It’s now a 26-billion-dollar scam and continues to grow rapidly, with a 100% increase between 2018 and 2019. Creating awareness among employees is critical, but doesn’t offer full protection. What technical measures should you take to prevent a CEO-fraud attack at your organisation?

What is CEO-fraud?

CEO-fraud is an impersonation attack in which a criminal pretends to be a high-level executive or, for example, a trusted third party. They usually send an email to an employee telling them to transfer a sum of money to a specific account. Added time pressure, a demand for confidentiality and an authoritative “don’t ask questions, just do it” message can persuade the employee to follow the instructions.

Still, criminals will have to technically prepare the attack to increase their chances of success. This gives IT security professionals the opportunity to identify an upcoming attack and take preventive measures before the attack is launched. This blog describes a criminal’s general preparation techniques, and how digital footprint monitoring can minimise the impact.

An organisation’s digital footprint is based on observable data solely. We define the digital footprint as a brand’s presence on the internet, be it in infrastructure, servers, online services, domains and applications, or on social media and appstore-channels, etc. Mapping the digital footprint allows IT specialists to see beyond the perimeter, make attack infrastructures and shadow IT visible, and identify and mitigate any vulnerabilities in their systems.

Deconstructing CEO-fraud

First, criminals use a variety of publicly available sources (OSINT) to gather information on the organisation and its people. This reconnaissance focuses on two aspects: the people and the processes. What is the hierarchical order, who is responsible for certain projects, what are the connected third parties, who to impersonate, and who to target? This is called social engineering.

As for the processes, what are the usual procedures in place when communicating with colleagues and third parties? How is the email infrastructure designed? Via which channels is money transferred? Criminals will try to convince their target to circumvent these official processes to increase their chances of success.

The collected data is the input for their attack plan and to create the most convincing message.

Digital footprint solutions:

  • Be aware of the web pages displaying information about the organisation and its people, and who can access these pages.
  • Monitor social accounts to detect information leaks and identify accounts with a suspicious interest in the organisation.

When an employee is deceived into following the instructions, criminals are more likely to repeat the attack with the same victim.

When cyber-criminals have created a picture of the organisation’s people and processes, they basically have two options for the next stages:

a.   Spoof existing email addresses;
b.   Set up a fake domain imitating the brand.

If criminals have discovered a vulnerability in your email settings, they can exploit that to determine the organisation’s email naming convention, i.e. the way email addresses are constructed, such as e.xample@organisation.com. With this information, they can imitate existing email domains to send messages, making it seem as if the message originates from a reliable source within the organisation or from a third party.

Digital footprint and Digital Risk Protection solutions:

  • Finding and repairing vulnerabilities in the organisation’s email security footprint and configuring email authentication records such as SPF, DKIM and DMARC will help keep malicious emails from reaching employees.
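The following script is an added example, not code from the original post or from Cybersprint; it shows the kind of check a footprint review of email security performs on SPF and DMARC records. It works on constructed TXT records for a fictional domain (`example-org.test`) embedded inline, so it runs offline; in practice the `txt_lookup` callable would be backed by a DNS resolver. DKIM is left out because a DKIM record lives under a selector name that cannot be discovered from the domain alone. The finding strings and thresholds are the example's own choices.

```python
"""Assess SPF and DMARC TXT records for settings that let spoofed mail through."""
import re

# Constructed sample records for a fictional domain (not taken from the page).
SAMPLE_TXT = {
    "example-org.test": [
        "v=spf1 include:_spf.example-mail.test ~all",
    ],
    "_dmarc.example-org.test": [
        "v=DMARC1; p=none; rua=mailto:dmarc@example-org.test",
    ],
}


def parse_spf(record):
    """Return (mechanisms, all_qualifier) for a v=spf1 record, or None if it is not SPF."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        return None
    all_qualifier = None
    mechanisms = []
    for term in parts[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qualifier = m.group(1) or "+"  # a bare 'all' means '+all'
        else:
            mechanisms.append(term)
    return mechanisms, all_qualifier


def parse_dmarc(record):
    """Return a dict of tag=value pairs for a v=DMARC1 record, or None."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_domain(domain, txt_lookup):
    """Return a list of findings for one domain; txt_lookup(name) -> list of TXT strings."""
    findings = []

    spf_records = [r for r in txt_lookup(domain) if parse_spf(r) is not None]
    if not spf_records:
        findings.append("SPF: no record, any host can claim to send for this domain")
    elif len(spf_records) > 1:
        findings.append("SPF: multiple records, receivers treat this as a permanent error")
    else:
        _, qualifier = parse_spf(spf_records[0])
        if qualifier is None:
            findings.append("SPF: no 'all' mechanism, unlisted senders are implicitly neutral")
        elif qualifier in ("+", "?"):
            findings.append(f"SPF: '{qualifier}all' lets any host pass")
        elif qualifier == "~":
            findings.append("SPF: '~all' only softfails spoofed mail; consider '-all'")

    dmarc_records = [t for t in (parse_dmarc(r) for r in txt_lookup(f"_dmarc.{domain}")) if t]
    if not dmarc_records:
        findings.append("DMARC: no record, SPF/DKIM failures are not enforced")
    else:
        tags = dmarc_records[0]
        policy = tags.get("p", "").lower()
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif policy not in ("quarantine", "reject"):
            findings.append(f"DMARC: unrecognised policy '{policy}'")
        if "rua" not in tags:
            findings.append("DMARC: no rua address, aggregate reports will not be received")
        pct = tags.get("pct", "100")
        if pct != "100":
            findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings


if __name__ == "__main__":
    for finding in assess_domain("example-org.test", lambda name: SAMPLE_TXT.get(name, [])):
        print(finding)
```

For the sample records the script reports two findings: the SPF record ends in `~all`, so a spoofed message only softfails, and DMARC is at `p=none`, so that softfail is never enforced. Moving to `-all` and `p=reject` (after reviewing aggregate reports) clears both.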

If internal email security is more difficult to exploit, criminals can also register a domain name which closely resembles the brand’s domain name or that of a third party, but might differ in just one character. Next, they create a fake website and set up a near-identical email domain. If their victim only glances over the sender’s email domain, he/she is less likely to identify the threat and more likely to fall for the scam.

Digital footprint and Digital Risk Protection solutions:

  • Conduct automated scans to find all brand-related web pages and identify which do not belong to the organisation. It’s vital to scan without a pre-defined scope, or external domains and malicious social accounts might not be found.
  • Find newly registered domains by automatically detecting a brand’s name, logo, and slogan.
  • Continuously monitor the fake websites before they are weaponised. The collected evidence supports a Notice and Takedown procedure.
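As an added example (not code from the original post or from Cybersprint) of the first two points, the script below classifies a feed of newly registered domains against a brand domain. It flags the lookalike patterns the article describes, a single changed character, a transposed pair, a digit standing in for a letter, the same name under another TLD, or the brand name embedded in a longer label, and leaves unrelated registrations alone. The brand domain (`organisation.com`, taken from the article's naming example) and the registration feed are constructed sample data; the homoglyph table and the distance threshold are the example's own choices, not a published standard.

```python
"""Flag newly registered domains that imitate a brand's domain."""
import unicodedata

# Constructed sample data: the brand domain from the article's example and a fictional
# feed of new registrations, annotated with the lookalike technique each one uses.
BRAND_DOMAIN = "organisation.com"
NEW_REGISTRATIONS = [
    "organisation.com",          # the brand itself, must not be flagged
    "organlsation.com",          # 'i' replaced by 'l'
    "0rganisation.com",          # 'o' replaced by the digit zero
    "organisation-invoice.com",  # brand name embedded in a longer label
    "organisatoin.net",          # two adjacent letters transposed
    "organisation.co",           # same name, different TLD
    "orgnisation.com",           # one letter dropped
    "weather-forecast.org",      # unrelated registration
]

# Characters commonly swapped for look-alike letters; multi-character pairs come first
# so they are replaced before their individual characters are examined.
HOMOGLYPHS = {
    "rn": "m", "vv": "w",
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
}


def normalise(label):
    """Lower-case a label, strip accents and undo common homoglyph substitutions."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def edit_distance(a, b):
    """Optimal string alignment distance: insertion, deletion, substitution, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(candidate, brand):
    """Return a short reason if candidate imitates brand, otherwise None."""
    candidate, brand = candidate.lower(), brand.lower()
    if candidate == brand:
        return None
    brand_label = brand.split(".")[0]      # registrable label, e.g. 'organisation'
    label = candidate.split(".")[0]
    norm = normalise(label)
    if label == brand_label:
        return "same name under a different TLD"
    if norm == brand_label:
        return "homoglyph substitution"
    # Allow roughly one edit per six characters of the brand name, at least one.
    threshold = max(1, len(brand_label) // 6)
    distance = edit_distance(norm, brand_label)
    if distance <= threshold:
        return f"edit distance {distance}"
    if brand_label in norm:
        return "brand name embedded"
    return None


def scan(registrations, brand):
    """Return (domain, reason) pairs for every registration that imitates the brand."""
    flagged = []
    for domain in registrations:
        reason = classify(domain, brand)
        if reason:
            flagged.append((domain, reason))
    return flagged


if __name__ == "__main__":
    for domain, reason in scan(NEW_REGISTRATIONS, BRAND_DOMAIN):
        print(f"{domain:28} {reason}")
```

Each flagged domain is a candidate for the continuous monitoring and Notice and Takedown evidence collection described in the third point; the distance threshold scales with the length of the brand name so that short names do not produce a flood of false positives.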

Zero-scope digital footprint monitoring

Having an impenetrable firewall is not enough to keep criminals from their intended goal. However, their chances of success can be significantly reduced by incorporating zero-scope digital footprint monitoring into your existing security processes. Identifying your organisational exposure and vulnerabilities in IT systems, as well as unveiling the preparation stages of incoming attacks over multiple channels will limit the risk and impact of a CEO-fraud attempt.
