CEO fraud causes high costs


The most costly online scam is when scammers pose as executives (CEO fraud). But there are ways to get the threat under control.

Be careful whom you trust. When it comes to IT security, people are usually the weakest link in the chain, and this also applies to social engineering, a form of phishing. According to the FBI, CEO fraud, a variant of social engineering, caused more damage to victims in 2021 than any other form of cybercrime. Although this scam ranks only ninth among the cybercrime types of the year in terms of the number of reported crimes, the criminals caused by far the highest damage, at $2.4 billion. Investment fraud follows with 1.5 billion US dollars. In their current article on WeLiveSecurity, ESET security experts show how companies can reliably protect themselves against CEO fraud and other threats.

“A third of all cybercrime damage is based on CEO fraud. The pressure of a manager or senior executive immediately asking an employee to make a referral doesn’t make them think about the consequences of their own actions,” said Thomas Uhlemann, Security Specialist at ESET. “Deepfakes, i.e. artificially created audio and video files in which faces or voices are manipulated, are now cheap to produce for the perpetrators. We are already aware of cases where fake audio files have been used. It can be assumed that these methods and fake videos will be used even more frequently in the future.”

“In these meetings, the scammers use a still image of the CEO with no sound, or use a fake audio track (via deepfake). The scammers then claim that their audio/video would not work properly. The scammers then use the virtual meeting platforms to directly instruct employees to make transfers, or use the CEO’s compromised email account to instruct transfer orders.”

Deepfake audio has already been used in two high-profile cases to devastating effect. In one case, a British manager was tricked into believing his German boss had asked for a transfer of 220,000 euros. In another case, a bank manager from the United Arab Emirates was induced to transfer $35 million at the request of a “customer”.

What is CEO Fraud?

CEO fraud, also known as Business Email Compromise (BEC), is a scam in which company employees are manipulated into transferring money by attackers using false identities. The perpetrators usually pretend to be the boss or a manager of the company in question. They ask employees by e-mail or fax to initiate an urgent transfer. The perpetrators have often obtained sensitive data from the target company in advance and have precise knowledge of its organizational structure. Both flattered and pressured by the perceived importance of the request, the unsuspecting employee makes the payment.

Three tips from the ESET security experts

  • Pay attention to what information about your company is public and what employees also post on social networks, for example.
  • Larger payment transactions should always be approved by two employees.
  • Invest in advanced security solutions that also detect attacks using social engineering methods.
