270 billion emails are sent worldwide every day. This provides cyber criminals with plenty of opportunities to misuse this means of communication for email spoofing or CEO-fraud. Malicious senders try to receive large sums of money or confidential information by sending out fake emails to your employees or customers. They pretend to be a trusted business, colleague, or even the CEO to get a better chance of succeeding, causing serious damage to many SMEs and corporates.
Are you troubled by CEO-fraud?
More than phishing: Protect your organisation and employees
Email spoofing and CEO-fraud are both forms of cybercrime in which malicious parties send emails to or from an organisation as if they were a person working there. This type of digital fraud resembles phishing, but in these cases attackers go to great lengths to collect organisational or personal information on the ‘sender’. This adds to the credibility of the fake message and makes this type of cybercrime even harder to fight. CEO-fraud is well prepared by the attackers: they go through open sources and social media platforms to gather information about their victims. After building a convincing profile of their target, they start the digital attack.
How the attackers work
The most successful CEO-fraud cases stem from proper research by the attackers using Open Source Intelligence (OSINT) sources like social media networks (LinkedIn, Facebook, Twitter) and presentation sites such as Prezi, Slideshare and Google Docs.
1. Collect information on target
2. Set up fake website
3. Send fake email to target
1. Collect information on target
Attackers gather information on their target using OSINT (passive intelligence) and active intelligence. For the latter they infiltrate the organisation, usually with leaked credentials. In certain cases, the attackers log in to webmail systems and set up email forwarding rules to external addresses hosted at anonymous email providers. This way, attackers can eavesdrop on conversations between the target and their contacts to understand what a normal email thread looks like.
2. Set up fake websites & accounts
As a next step, the attackers set up a similar-looking website (phishing site). The URL of this website usually differs from the official name by a single character, e.g.:
- acmebank.com -> acmebark.com;
- acmebank.com -> acrnebank.com (the ‘m’ is replaced by the characters ‘r’ and ‘n’);
- acmebank.com -> acmẹbank.com (dot below the ‘e’).
These websites usually show an official logo and certificate to make them look more convincing. Alternatively, attackers might resort to using fake LinkedIn profiles in order to gain the confidence of your employees.
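The three lookalike tricks above (one-character typo, ‘rn’ for ‘m’, and a diacritic under the ‘e’) can be caught automatically when monitoring newly observed domains. The following is an added example, not code from the article or its vendor: it normalises confusable characters, measures edit distance to the brand domain and classifies each observed domain. The domain feed and confusable table are constructed for illustration.

```python
import unicodedata

# Brand domain to protect (taken from the article's examples).
LEGIT_DOMAIN = "acmebank.com"

# Small constructed table of sequences that visually resemble another character.
# Multi-character tricks ('rn' -> 'm') are listed first so they collapse before single chars.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"), ("cl", "d"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
]

def normalize(domain: str) -> str:
    """Strip diacritics and collapse common confusable sequences."""
    # NFKD splits 'e with dot below' into 'e' + a combining mark; drop the marks.
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        plain = plain.replace(fake, real)
    return plain

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, legit: str = LEGIT_DOMAIN) -> str:
    """Return 'legit', 'homoglyph', 'typo' or 'unrelated' for an observed domain."""
    if candidate.lower() == legit:
        return "legit"
    norm = normalize(candidate)
    if norm == normalize(legit):
        return "homoglyph"   # identical once confusables are collapsed (acrnebank, acmẹbank)
    if edit_distance(norm, legit) <= 1:
        return "typo"        # one character off, e.g. acmebark.com
    return "unrelated"

# Constructed feed of newly observed domains (e.g. from certificate transparency logs).
OBSERVED = ["acmebank.com", "acmebark.com", "acrnebank.com", "acmẹbank.com", "example.org"]

def suspicious(domains=OBSERVED) -> dict:
    """Map each lookalike domain in the feed to its verdict, skipping legit and unrelated ones."""
    return {d: classify(d) for d in domains if classify(d) in ("homoglyph", "typo")}
```

Running `suspicious()` over the constructed feed flags three of the five domains; in practice the feed would be the stream of newly registered or newly certified domains you monitor.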
3. Send email from fake website
After the attack has been prepared, the email is sent to the contacts of the target. These emails usually contain payment instructions or ‘change of bank account’ notifications. They look very similar to genuine emails, as attackers are experienced in blending in with the normal flow of your organisation. Even well-trained personnel might not recognise this as an attack.
Emails sent by cyber criminals might contain links or attachments that lead recipients to a phishing web page or install malware on their device. Messages can also contain requests for payments or confidential details. As the email seems to come from a trusted and authoritative source, employees or third parties often provide what is requested. This way, payments are easily diverted to fraudulent bank accounts and sensitive information, like password details, is easily shared.
What you can do against CEO-fraud
There are some steps you can take to protect against CEO-fraud. These are:
- Create awareness: make employees aware that what they post online stays online. Don’t share seemingly harmless information about yourself online; every bit of information could help the attacker complete their puzzle;
- Protect: implement the technical anti-spoofing measures (SPF/DKIM/DMARC);
- Monitor: actively monitor for fake websites (don’t waste time on doing this manually; we can help you with our automated Digital Risk Protection platform);
- Takedown: take down websites that pose a threat to your organisation (again, this is our bread and butter);
- Scan social media: map the online social media footprint of your organisation and corporate accounts to protect employees from being tricked into fraudulent actions;
- Monitor the dark web: discover if any credentials have been leaked, exposing your organisation.
Protect your organisation and executives
We have successfully assisted many of our clients in protecting themselves against these kinds of digital risks. Contact us today to guard your organisation against CEO-fraud.
Most of the information used by attackers is found online. That’s why it is important to know which company details are publicly accessible. Protect your organisation by tracking attackers that use your brand name or the names of your C-level employees and other senior executives.
Knowing your online footprint will significantly decrease the risks of CEO-fraud.
Take control today!