An attack known as CEO Fraud is on the rise and has become a new favorite among attackers. It is a very specific type of phishing attack in which the email is crafted to look like it is coming from the CEO (or another high-level executive) within your own company. The gist of these emails is typically along the lines of “I need to move some money around, can you provide me with the account numbers for X, Y, Z?” These attacks may even be planned well enough to use language that is typical of your CEO in email communications, and they may be very difficult to distinguish from a real email from the CEO.
How prevalent is it?
The IC3 reports that in 2014 business email compromises accounted for more than $214 million in losses for victims. Just this week, Ubiquiti Networks reported a loss of over $46 million from an attack of this type. And that’s just the tip of the iceberg. There are endless stories of scams like these wreaking havoc on businesses. The moral of the story: no matter how big or small your business is, start preparing now.
How can you protect your business?
Get ahead of it! Send a company-wide communication to your team warning them of what to look out for. If people are prepared, it is much easier for them to recognize an attack (and not fall victim to it).
Educate your people. I know we sound like broken records over here, but education is key to protecting your people and your company. Invest in an education and awareness program sooner rather than later. Find out why we want you to create an education and awareness program rather than a training and awareness program.
Lay down policies and create methods for reporting possible attacks. Spell out what is and isn’t acceptable at your company (e.g., financial account numbers should not be shared via email) and communicate those rules to your employees. Then give your people clear procedures for reporting those fishy emails so your company can stay on top of what’s happening.