
How to prevent CEO-fraud with your digital footprint

by Sebastiaan Bosman, Blog, 21 Jul 2020

CEO-fraud is the most common form of cyber-crime targeting businesses worldwide. Reported losses now exceed 26 billion dollars and continue to grow rapidly, with the number of cases doubling between 2018 and 2019. Creating awareness among employees is critical, but does not offer full protection. What technical measures should you take to prevent a CEO-fraud attack on your organisation?


What is CEO-fraud?

CEO-fraud is an impersonation attack in which a criminal poses as a senior executive or as a trusted third party such as a supplier. They usually send an email to an employee instructing them to transfer a sum of money to a specific account. Time pressure, a demand for confidentiality and an authoritative "don't ask questions, just do it" tone are used to persuade the employee to follow the instructions.

Still, criminals have to prepare the attack technically to increase their chances of success. This gives IT security professionals the opportunity to identify an upcoming attack and take preventive measures before it is launched. This blog describes a criminal's general preparation techniques, and how digital footprint monitoring can minimise the impact.

An organisation's digital footprint is based solely on observable data. We define it as a brand's presence on the internet: infrastructure, servers, online services, domains and applications, social media, app-store channels, and so on. Mapping the digital footprint allows IT specialists to see beyond the perimeter, make attack infrastructure and shadow IT visible, and identify and mitigate vulnerabilities in their systems.

Deconstructing CEO-fraud

First, criminals use a variety of publicly available sources (OSINT) to gather information on the organisation. This reconnaissance focuses on two aspects: the people and the processes. What is the hierarchy, who is responsible for which projects, which third parties are connected, whom to impersonate, and whom to target? The answers feed the social engineering that follows.

As for the processes, what are the usual procedures in place when communicating with colleagues and third parties? How is the email infrastructure designed? Via which channels is money transferred? Criminals will try to convince their target to circumvent these official processes to increase their chances of success.

The collected data is the input for their attack plan and to create the most convincing message.

Digital footprint solutions:

  • Be aware of the web pages displaying information about the organisation and its people, and who can access these pages.
  • Monitor social accounts to detect information leaks and identify accounts with a suspicious interest in the organisation.

When an employee is deceived into following the instructions, criminals are more likely to repeat the attack with the same victim.

When cyber-criminals have created a picture of the organisation’s people and processes, they basically have two options for the next stages:

a.   Spoof existing email addresses;
b.   Set up a fake domain imitating the brand.

The organisation's email naming convention, i.e. the way addresses are constructed, such as e.xample@organisation.com, can usually be inferred from addresses published on the website, in job postings or in leaked data. If the domain's email authentication is weak or missing, criminals can then send messages with a forged sender address on the existing domain, making it seem as if the message originates from a reliable source within the organisation or from a third party.

Digital footprint and Digital Risk Protection solutions:

  • Finding and repairing weaknesses in the organisation's email security footprint, i.e. publishing an SPF record, signing outbound mail with DKIM and publishing a DMARC policy that tells receivers to quarantine or reject mail failing both checks, keeps spoofed emails on your own domains from reaching employees. These controls only cover domains you own; look-alike domains, described below, need separate monitoring.
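As an added example (not Cybersprint's code), the following Python script scores a domain's SPF and DMARC records the way an external footprint scan would. In practice the records are fetched as DNS TXT records at the domain itself and at _dmarc.<domain>; here constructed records for the fictitious domain organisation.example are embedded so the check runs offline, once with a weak configuration and once hardened. DKIM is not checked because its public keys live under per-selector names that cannot be enumerated from outside.

```python
"""Score a domain's SPF and DMARC posture (added example, not Cybersprint's code).

Records would normally be fetched from DNS; constructed records for a fictitious
domain are embedded so the check runs offline. Tag semantics follow RFC 7208 (SPF)
and RFC 7489 (DMARC).
"""
import re

# Constructed records for a fictitious "organisation.example" (weak configuration).
WEAK_RECORDS = {
    "organisation.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.organisation.example": ["v=DMARC1; p=none; rua=mailto:dmarc@organisation.example"],
}
# The same fictitious domain after hardening: SPF hard fail, enforcing DMARC with reporting.
HARDENED_RECORDS = {
    "organisation.example": ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.organisation.example": [
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@organisation.example"
    ],
}

# SPF terms that cost a DNS lookup (RFC 7208 section 4.6.4 caps these at 10).
LOOKUP_MECH = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/]|$)", re.I)


def first_record(txt_records, prefix):
    """Pick the TXT record starting with prefix (case-insensitive), or None."""
    for r in txt_records or []:
        if r.lower().startswith(prefix):
            return r
    return None


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=none; rua=...' into a dict with lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess_spf(record):
    """Findings for an SPF record string; an empty list means nothing to fix."""
    if record is None:
        return ["SPF: no record, so receivers cannot tell forged senders from real ones"]
    terms = record.split()
    findings = []
    terminal = terms[-1].lower()
    if terminal in ("all", "+all"):
        findings.append("SPF: '+all' authorises any host to send as this domain")
    elif terminal == "~all":
        findings.append("SPF: '~all' softfail; receivers usually only mark, not reject")
    elif terminal == "?all":
        findings.append("SPF: '?all' neutral is equivalent to no policy")
    elif terminal != "-all" and not terminal.startswith("redirect="):
        findings.append("SPF: no terminal 'all' mechanism; default result is neutral")
    lookups = sum(1 for t in terms if LOOKUP_MECH.match(t))
    if lookups > 10:
        findings.append("SPF: %d DNS-lookup terms exceed the limit of 10 (permerror)" % lookups)
    return findings


def assess_dmarc(record):
    """Findings for a DMARC record string; an empty list means enforcing and reported."""
    if record is None:
        return ["DMARC: no record, so SPF/DKIM failures carry no instruction to reject"]
    tags = parse_dmarc(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC: p=quarantine sends spoofed mail to spam rather than rejecting it")
    elif policy != "reject":
        findings.append("DMARC: missing or unknown 'p' tag, record is invalid")
    if policy == "reject" and tags.get("sp", policy).lower() != policy:
        findings.append("DMARC: subdomain policy sp=%s is weaker than p=reject" % tags["sp"])
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("DMARC: pct tag is not a number")
    if pct < 100:
        findings.append("DMARC: pct=%d applies the policy to only part of the mail" % pct)
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so abuse of the domain goes unreported")
    return findings


def assess_domain(domain, records):
    """All SPF and DMARC findings for domain, given a {dns_name: [txt, ...]} map."""
    spf = first_record(records.get(domain), "v=spf1")
    dmarc = first_record(records.get("_dmarc." + domain), "v=dmarc1")
    return assess_spf(spf) + assess_dmarc(dmarc)


if __name__ == "__main__":
    for label, recs in (("weak", WEAK_RECORDS), ("hardened", HARDENED_RECORDS)):
        print(label + ":")
        for f in assess_domain("organisation.example", recs) or ["no findings"]:
            print("  " + f)
```

Run against your real domains by replacing the embedded map with TXT lookups; a result of p=none with a softfail SPF is exactly the configuration that lets a forged From address on your own domain reach the inbox.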

If the organisation's own domain is well protected, criminals can instead register a domain name which closely resembles the brand's domain or that of a third party, differing in perhaps just one character. Next, they create a fake website and set up a near-identical email domain. If the victim only glances at the sender's email domain, they are less likely to notice the difference and more likely to fall for the scam.

Digital footprint and Digital Risk Protection solutions:

  • Conduct automated scans to find all brand-related web pages and identify which do not belong to the organisation. It's vital to scan without a pre-defined scope, or external domains and malicious social accounts might not be found.
  • Find newly registered domains by automatically detecting use of a brand's name, logo and slogan.
  • Continuously monitor fake websites before they are weaponised; the collected evidence supports a Notice and Takedown procedure.
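As an added example (not Cybersprint's code) of the automated domain detection in the first two bullets, the Python below flags typosquats, confusable-character substitutions (digits and Cyrillic look-alikes, including punycode-encoded names), the brand name under another TLD, and the brand name embedded in a longer name. The candidate list is constructed, not real observations; organisation.example is a fictitious brand domain; and TLD handling is simplified to the last label, whereas production code should use the Public Suffix List.

```python
"""Flag domains that imitate a brand's domain (added example, not Cybersprint's code).

Real input would be newly registered domains from zone files, certificate
transparency logs or passive DNS. A constructed candidate list is embedded so the
check runs offline. TLD handling is simplified to the last label (assumption);
use the Public Suffix List in production.
"""
import unicodedata

BRAND_DOMAIN = "organisation.example"   # fictitious brand domain (assumption)

# Single characters a reader perceives as a Latin letter: Cyrillic look-alikes and digits.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "0": "o", "1": "l", "3": "e", "5": "s",
})
# Character pairs that render like one letter in many fonts.
MULTI_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def to_unicode(domain):
    """Decode punycode (xn--) labels so Cyrillic look-alikes can be compared."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode or not valid IDNA; compare as-is


def fold(label):
    """Normalise a label to what a human reader would perceive."""
    label = unicodedata.normalize("NFKC", label.lower()).translate(CONFUSABLES)
    for seq, repl in MULTI_CONFUSABLES:
        label = label.replace(seq, repl)
    return label


def split_domain(domain):
    """Return (second-level label, tld); simplification: the last label is the TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return (parts[-2] if len(parts) >= 2 else parts[0]), parts[-1]


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(candidate, brand=BRAND_DOMAIN):
    """Return a reason string if candidate imitates brand, else None."""
    brand_label, _ = split_domain(brand)
    brand_label = fold(brand_label)
    uni = to_unicode(candidate)
    if uni.lower() == brand.lower():
        return None                      # the brand's own domain
    raw_label, tld = split_domain(uni)
    folded = fold(raw_label)
    if folded == brand_label:
        if raw_label.lower() != brand_label:
            return "confusable characters: %r reads as %r" % (raw_label, brand_label)
        return "brand name under another TLD: .%s" % tld
    if brand_label in folded:
        return "brand name embedded: %r" % raw_label
    max_dist = 1 if len(brand_label) < 8 else 2   # allow two edits for long names
    dist = osa_distance(folded, brand_label)
    if dist <= max_dist:
        return "typosquat at edit distance %d: %r" % (dist, raw_label)
    return None


def find_lookalikes(candidates, brand=BRAND_DOMAIN):
    """Return {domain: reason} for every candidate that imitates brand."""
    hits = {}
    for c in candidates:
        reason = classify(c, brand)
        if reason:
            hits[c] = reason
    return hits


# Constructed feed of "newly registered" domains (not real observations).
SAMPLE_FEED = [
    "organisation.example",
    "organisatoin.example",
    "0rganisation.example",
    "organisation-payments.example",
    "organisation.test",
    "org\u0430nisation.example".encode("idna").decode("ascii"),  # Cyrillic 'a', as xn--
    "unrelated-shop.example",
]

if __name__ == "__main__":
    for domain, reason in find_lookalikes(SAMPLE_FEED).items():
        print("%-45s %s" % (domain, reason))
```

Each hit is a candidate for the continuous monitoring in the last bullet: a newly registered look-alike with no content yet is the cheapest moment to gather evidence, before it hosts a phishing page or sends its first email.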

Zero-scope digital footprint monitoring

Having an impenetrable firewall is not enough to keep criminals from their intended goal. However, their chances of success can be significantly reduced by incorporating zero-scope digital footprint monitoring into your existing security processes. Identifying your organisational exposure and vulnerabilities in IT systems, as well as unveiling the preparation stages of incoming attacks over multiple channels will limit the risk and impact of a CEO-fraud attempt.
