Business Email Compromise (BEC): How To Avoid CEO Fraud

Introduction

Phishers, especially the type that specialize in high-level CEO fraud, are often large criminal organizations with expertise in exploiting open ports in firewalls, both technical and human. Systems must provide a port to handle everyday email traffic. Phishers, however, use it to infiltrate a system with three basic objectives:

  • Interest and exploration
  • Disruption and destruction
  • Ransom and financial gain

The first is usually composed of young programmers looking for personal validation by doing something that is supposed to be difficult. Perpetrators of the second type are generally protesters looking to advance an agenda. The last type is composed of criminals simply looking to steal money, data or resources.

Today we will talk about this latter type of attack, specifically the attacks focused on residents of the C-suite.

What Is CEO Fraud?

The idea a CEO would send a request for a funds transfer seems almost harmless when you consider the number of frightening alternatives that rely on convincing a member of the C-suite to reveal vital personal or corporate data. Business email compromise (BEC) often pivots on making one single penetration, obtaining credentials, and then being able to manipulate and maneuver events, documents or people into performing tasks with the full authority of a highly placed official. For this reason, it’s dangerous to have a corporate structure in which one person would be able to issue verbal orders (with no paper trail) that could result in security and financial instability for the company.

How does CEO Fraud Work?

CEO fraud, or, more broadly, C-suite fraud, involves extensive observation and investigation about what sorts of financial or security/data activity occur through company email and memos. Phishers will infiltrate an email system and study it, sometimes for weeks or months without taking action. S/he will look at the exact wording of (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Randi Sherman. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/pD_FryHcaBw/