
How to prevent CEO-fraud with your digital footprint

by Sebastiaan Bosman Blog 21 Jul 2020

CEO-fraud is the most common form of cyber-crime to target businesses worldwide. It’s now a 26-billion-dollar scam and continues to grow rapidly, with a 100% increase between 2018 and 2019. Creating awareness among employees is critical, but doesn’t offer full protection. What technical measures should you take to prevent a CEO-fraud attack at your organisation?

What is CEO-fraud?

CEO-fraud is an impersonation attack in which a criminal pretends to be, for example, a high-level executive or a trusted third party. They usually send an email to an employee telling them to transfer a sum of money to a specific account. Added time pressure, a demand for confidentiality and an authoritative “don’t ask questions, just do it” message can persuade the employee to follow the instructions.

Still, criminals will have to technically prepare the attack to increase their chances of success. This gives IT security professionals the opportunity to identify an upcoming attack and take preventive measures before the attack is launched. This blog describes a criminal’s general preparation techniques, and how digital footprint monitoring can minimise the impact.

An organisation’s digital footprint is based solely on observable data. We define the digital footprint as a brand’s presence on the internet, be it in infrastructure, servers, online services, domains and applications, or on social media and app store channels, etc. Mapping the digital footprint allows IT specialists to see beyond the perimeter, make attack infrastructures and shadow IT visible, and identify and mitigate any vulnerabilities in their systems.

Deconstructing CEO-fraud

First, criminals use a variety of publicly available sources (OSINT) to gather information on the organisation and its people. This reconnaissance focusses on two aspects: the people and the processes. What is the hierarchical order, who is responsible for certain projects, what are the connected third parties, who to impersonate, and who to target? This is called social engineering.

As for the processes, what are the usual procedures in place when communicating with colleagues and third parties? How is the email infrastructure designed? Via which channels is money transferred? Criminals will try to convince their target to circumvent these official processes to increase their chances of success.

The collected data feeds their attack plan and is used to craft the most convincing message.

Digital footprint solutions:

  • Be aware of the web pages displaying information about the organisation and its people, and who can access these pages.
  • Monitor social accounts to detect information leaks and identify accounts with a suspicious interest in the organisation.

When an employee is deceived into following the instructions, criminals are more likely to repeat the attack with the same victim.

When cyber-criminals have created a picture of the organisation’s people and processes, they basically have two options for the next stages:

a.   Spoof existing email addresses;
b.   Set up a fake domain imitating the brand.

If criminals have discovered a vulnerability in your email settings, they can exploit that to determine the organisation’s email naming convention, i.e. the way email addresses are constructed, such as e.xample@organisation.com. With this information, they can imitate existing email domains to send messages, making it seem as if the message originates from a reliable source within the organisation or from a third party.

Digital footprint and Digital Risk Protection solutions:

  • Finding and repairing vulnerabilities in the organisation’s email security footprint and setting up tools such as DMARC, SPF and DKIM will help keep malicious emails from reaching employees.
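The weak-versus-hardened email settings the bullet above refers to can be checked mechanically. The following is an added example (not code from the original post or from the vendor): it evaluates a domain's SPF and DMARC TXT records and reports the settings that still let spoofed mail through. The domain names and records are constructed for illustration; a real monitor would fetch them from DNS.

```python
# Constructed sample DNS TXT records for a hypothetical domain (not from the original post).
SAMPLE_TXT = {
    "organisation.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.organisation.example": ["v=DMARC1; p=none; rua=mailto:dmarc@organisation.example"],
}

def parse_spf(txt_records):
    """Return the SPF record string, or None if the domain publishes no single valid one."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    # More than one SPF record is itself invalid (RFC 7208), so treat it as absent.
    return spf[0] if len(spf) == 1 else None

def parse_dmarc(txt_records):
    """Parse a DMARC record into a dict of tag -> value, or None if absent."""
    for r in txt_records:
        if r.lower().startswith("v=dmarc1"):
            return dict(tag.strip().split("=", 1) for tag in r.split(";") if "=" in tag)
    return None

def assess_email_footprint(records, domain):
    """Return a list of findings describing how the domain can still be spoofed."""
    findings = []
    spf = parse_spf(records.get(domain, []))
    if spf is None:
        findings.append("no valid SPF record: any host may claim to send as this domain")
    elif spf.rstrip().endswith(("+all", "?all")):
        findings.append("SPF ends with +all/?all: effectively no restriction")
    elif spf.rstrip().endswith("~all"):
        findings.append("SPF softfail (~all): spoofed mail is tagged but may still be delivered")

    dmarc = parse_dmarc(records.get("_dmarc." + domain, []))
    if dmarc is None:
        findings.append("no DMARC record: receivers are not told to reject spoofed mail")
    else:
        if dmarc.get("p", "none") == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if "rua" not in dmarc:
            findings.append("no DMARC rua: aggregate reports on spoofing attempts are not collected")
    return findings

if __name__ == "__main__":
    for finding in assess_email_footprint(SAMPLE_TXT, "organisation.example"):
        print(finding)
```

The same function returns an empty list for a domain that publishes `v=spf1 ... -all` together with `v=DMARC1; p=reject; rua=...`, which is the hardened state to aim for.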

If internal email security is more difficult to exploit, criminals can also register a domain name which closely resembles the brand’s domain name or that of a third party, but might differ in just one character. Next, they create a fake website and set up a near-identical email domain. If their victim only glances at the sender’s email domain, he/she is less likely to identify the threat and more likely to fall for the scam.

Digital footprint and Digital Risk Protection solutions:

  • Conduct automated scans to find all brand-related web pages and identify which do not belong to the organisation. It’s vital to scan without a pre-defined scope, or external domains and malicious social accounts might not be found.
  • Find newly registered domains by automatically detecting a brand’s name, logo, and slogan.
  • Continuously monitor the fake websites before they are weaponised. The collected evidence supports a Notice and Takedown procedure.
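To make the "one character off" detection concrete, here is an added example (not code from the original post or from the vendor) that screens a feed of newly registered domains against a brand domain. It flags a domain when its label equals the brand label under another TLD, contains the brand name, or is within one edit of it. The brand domain and the feed are constructed for illustration.

```python
BRAND = "organisation.example"   # hypothetical brand domain, not from the original post

# Constructed sample of "newly registered domains" as a footprint monitor might receive them.
NEW_DOMAINS = [
    "organisatlon.example",          # 'i' replaced by 'l'
    "organisation-invoices.example", # brand name plus a plausible suffix
    "0rganisation.example",          # 'o' replaced by zero
    "orgnisation.example",           # one character dropped
    "organisation.test",             # same label, different TLD
    "unrelated.example",             # should not be flagged
    "organisation.example",          # the brand itself, should not be flagged
]

def edit_distance(a, b):
    """Levenshtein distance via the classic dynamic-programming row update."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_label(domain):
    # Assumption for the example: single-label TLDs such as ".example"; a real
    # monitor would use the public suffix list to find the registrable part.
    return domain.split(".")[0]

def classify(candidate, brand=BRAND):
    """Return a reason string if the candidate looks like a brand imitation, else None."""
    if candidate == brand:
        return None
    c, b = registrable_label(candidate), registrable_label(brand)
    if c == b:
        return "same label, different TLD"
    if b in c:
        return "contains brand name"
    if edit_distance(c, b) == 1:
        return "one character off from brand"
    return None

def flag_lookalikes(domains, brand=BRAND):
    """Return (domain, reason) pairs for every domain worth a closer look."""
    return [(d, classify(d, brand)) for d in domains if classify(d, brand)]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(NEW_DOMAINS):
        print(f"{domain}: {reason}")
```

Flagged domains are candidates for the continuous monitoring and Notice and Takedown evidence collection described above, not proof of abuse by themselves.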

Zero-scope digital footprint monitoring

Having an impenetrable firewall is not enough to keep criminals from their intended goal. However, their chances of success can be significantly reduced by incorporating zero-scope digital footprint monitoring into your existing security processes. Identifying your organisational exposure and vulnerabilities in IT systems, as well as unveiling the preparation stages of incoming attacks over multiple channels will limit the risk and impact of a CEO-fraud attempt.
