Business Email Compromise (BEC) Part 2 of 5: CEO Fraud

May 9, 2019 | Cyber Fraud

Protecting a business network from the multitude of cyber threats aimed at it means getting to know the bad actors who create them, the attack vectors they employ, and the payload they are after.

The FBI’s Crime Complaint Division stated in their 2018 Internet Crime Report, which just came out, that Business Email Compromise (BEC) is by far the most popular attack vector used to breach security. It is a method that often accompanies larger information security breaches, like ransomware attacks. The FBI mentions 5 primary types of BEC attack. In all of them, the scammer is simply using email or phone communication to pull off con artist work. In the info security world, this is called Social Engineering. But whether you call it social engineering or con artistry, if someone is convincing you to comply with an action that leads to theft or criminal compromise, then it’s all the same. Fraud is fraud.

In yesterday’s blog post, we covered the Data Theft Scam version of BEC fraud. Today we will see how it works when the con man poses as the boss.

CEO Fraud

Typical Target: Mid-management and lower level employees

Method of Manipulation: The fraudster poses as an upper management figure, typically communicating via email (with the sender address spoofed to look like it comes from the right person), and makes a request.

For example, the fraudster, posing as the boss, may send an email request to an employee in acquisitions. The fraudster may direct the employee to make a purchase that will turn out to be a bogus buy (ultimately lining the pockets of the fraudster).

Or, the fraudster may send an email to general staff, asking employees to click a link or open an “important memo” attached. Once the link is clicked or the attachment is opened, the virus it carries is let loose in the network, possibly to act as the gatekeeper for another cyberattack yet to come. Remember, it is not uncommon for cyberattacks to happen in phases: a virus is installed in the network as a gatekeeper so that larger malware can gain access later. It is suspected that the recent ransomware attack against Arizona Beverage Company happened just this way. Such an attack usually starts with an employee who unwittingly gives a fraudster access to the network, and the CEO Fraud method works well to that end.

Posing as a boss is a great way to get employees to comply with nefarious requests that will lead to a breach. In all cases of CEO Fraud, the email will be in the boss’s voice, usually expressed with authoritative language and pressuring for compliance.

Objective: Whether the objective of the social engineer here is a straightforward theft operation, or if it is just one phase of a larger cybercrime event that is about to unfold, the social engineer gets paid for a ruse well executed.

Educate Employees

The best defense against CEO Fraud is having your employees trained to spot spoofed emails. They should also have a protocol for responding to threats of this sort and for alerting other employees when such a scam turns up in an inbox.

Use Email Security Software Solutions

Even with every employee equipped to spot a CEO Fraud spoof, employees get tired and distracted by the other cares of work, and it is easy to miss the signs. Spoofers work hard to be entirely convincing. Just one innocent lapse of judgement can lead to a security breach. Therefore, we highly recommend that an Email Security Solution be part of a business’s security posture. Since email scams are successful tools of cyber criminals, it is essential to protect one’s company from this attack vector.
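To make the indicators that both trained employees and an email security product look for concrete, here is an added example of a small header-and-body triage script. It is not code from this blog or from any vendor product; the company domain, the executive names, the pressure phrases and the two sample messages are all constructed assumptions for illustration. It flags the spoofing tricks the post describes (an executive's name on an outside address, a look-alike sender domain, replies redirected elsewhere, pressuring language), and returns an empty list for an ordinary internal message.

```python
"""Heuristic triage of inbound mail for CEO-fraud indicators.

Added example for this blog post; not the blog's or any product's code.
COMPANY_DOMAIN, EXECUTIVES, PRESSURE_PHRASES and the sample messages are
assumptions constructed for illustration.
"""
from email import message_from_string, policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"          # assumption: the organisation's real mail domain
EXECUTIVES = {"jane doe", "ceo"}        # assumption: display names a fraudster would borrow
PRESSURE_PHRASES = (                    # assumption: wording typical of a "boss" request
    "urgent", "immediately", "confidential", "wire", "gift card", "do not discuss",
)


def domain_of(addr: str) -> str:
    """Lower-case domain part of an email address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch domains one or two characters off the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def ceo_fraud_indicators(raw: str) -> list[str]:
    """Return the indicators found in one raw RFC 5322 message.

    An empty list means no heuristic fired; it does not prove the message is
    genuine, which is why training is paired with a dedicated mail filter.
    """
    msg = message_from_string(raw, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)

    # 1. A familiar executive's name on an address outside the company domain
    if from_name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        flags.append(f"display-name impersonation: '{from_name}' <{from_addr}>")

    # 2. A look-alike sender domain (a character or two away from the real one)
    if from_domain and from_domain != COMPANY_DOMAIN \
            and levenshtein(from_domain, COMPANY_DOMAIN) <= 2:
        flags.append(f"look-alike sender domain: {from_domain}")

    # 3. Replies silently redirected to a domain other than the visible sender's
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append(f"reply-to mismatch: {reply_addr}")

    # 4. Authoritative, pressuring language in the plain-text body
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    hits = [p for p in PRESSURE_PHRASES if p in text]
    if hits:
        flags.append("pressure language: " + ", ".join(hits))

    return flags


# Constructed sample: a "boss" request from a look-alike domain with a redirected reply path
SPOOFED_MSG = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@webmail.invalid
To: staff@example.com
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

I am in a meeting and need this handled immediately. Please keep it
confidential and do not discuss with anyone. Let me know when done.
"""

# Constructed sample: an ordinary internal message from the real executive address
LEGIT_MSG = """\
From: Jane Doe <jane.doe@example.com>
To: staff@example.com
Subject: Town hall slides
Content-Type: text/plain; charset="utf-8"

Slides from this morning's town hall are on the intranet. Thanks all.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG)):
        print(label, ceo_fraud_indicators(raw) or "no indicators")
```

These are header and wording heuristics only: the script does not verify that the sender is who they claim to be, so a message that passes all four checks still deserves the out-of-band confirmation (a phone call to the real executive) that employee training should prescribe.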
