CEO fraud scams are on the rise. They aren’t that different from other phishing emails, except that most recipients think the message is from the boss. The FBI labels these types of attacks BEC (Business Email Compromise) incidents and has issued public advisories on them, identifying a loss of $215 million from October 2013 to December 2014. These crimes can cost companies millions of dollars. Your organization first has to be aware of these crimes before it is in a position to prevent them.
In CEO fraud, threat actors use a more sophisticated social engineering strategy. The email appears to be from the CEO, with instructions to wire funds. Except it’s not, and the account is fraudulent. If the request seems normal and the receiver doesn’t pay close attention, they’ll send the request through. Except it wasn’t the boss, and the company was scammed out of money.
While you may think cybersecurity protocols would be able to catch these, the truth is they cost businesses real money. Ubiquiti Networks, a technology firm, was one such victim, although the company didn’t disclose details. Cybersecurity expert Brian Krebs uncovered that it was a BEC, which left the company with a loss of nearly $47 million. Moreover, this isn’t the only case. The Scoular Company lost over $17 million in a similar scam.
With a threat like this, prevention is key. Prevention comes from awareness and education. Learn more about CEO fraud prevention with these 10 prevention tips.
- Educate financial executives on this phishing scam. These threat actors have done their homework. They know whom to target on the financial team: someone who may very well receive real directives on wiring money. So, you’ll need (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Beth Osborne. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/xPPvFXugk_w/