CEO Fraud

Category: Mail Security


What happens in the case of CEO fraud?

This is a form of social engineering that exploits the "human vulnerability". In this fraud method, attackers pretend to be the CEO, a manager or the boss of a company. To appear credible, the fraudsters research both the name and the e-mail address of the company's CEO and of the people who are likely to be authorized to make payments. This information is easy to obtain from the company website, press releases or trade register entries.

Employees are given a pretext to complete a transaction, such as transferring a sum of money to an account. The e-mails use deadlines or threats of legal action to put pressure on the recipient to act, and are often deceptively realistic. Because employees may transfer large sums without asking questions simply on the strength of the boss's authority, CEO fraud poses a great risk to companies.

How can companies protect themselves against CEO fraud?

  • Raising employee awareness of this fraud scheme

  • Training based on concrete examples

  • Constantly informing employees about new threats

  • Raising the security awareness of all employees

  • An open corporate culture instead of an authoritarian management style

      • Fraud attempts can then be detected and prevented more quickly.

      • In the event of unusual business transactions, it must be possible to make inquiries all the way up to management level.

In addition to increased vigilance and regular employee training, clear and transparent rules are the key:

  • Clear procedures and responsibilities

  • Checking of absence regulations (who may approve payments when a manager is away)

  • Defined control and approval processes

  • Cross-checks in the event of changes to account details

  • Maximum limits for transfers

  • A defined point of contact in case of suspicion

  • Verification of the payment request via a callback to the named client

  • Checking e-mails for the sender address and correct spelling

      • Only minor discrepancies may exist in the e-mail address, and these can expose the attackers.

CEO fraud is difficult to prevent by technical means alone. Good spam/phishing filters can reduce the risk, but do not provide 100% protection.

  • Simple fraud e-mails can be detected.

  • E-mails are considered suspicious if the sender address is very similar to, but not identical to, the e-mail addresses used in the company.
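The two filter rules above (a sender domain that is almost, but not exactly, the company's own, and an executive's name appearing with an outside address) can be checked automatically on the `From:` header. The following Python example is added here to illustrate that check; it is not code from the original article or from the site's own filter. The company domain, the executive names and the sample headers are constructed for the example, and the homoglyph table and edit-distance threshold are assumptions chosen for illustration, not values from the page.

```python
import re
from email.utils import parseaddr

# Constructed sample data: the company's real mail domain and the executives
# whose names an impostor would most plausibly borrow.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"Jane Doe", "John Roe"}

# Assumed character substitutions used to build lookalike domains
# ("rn" for "m", "vv" for "w", digits for letters).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(domain):
    """Lower-case the domain and collapse common homoglyph substitutions."""
    d = domain.lower()
    for src, dst in HOMOGLYPHS:
        d = d.replace(src, dst)
    return d


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header, company_domain=COMPANY_DOMAIN,
                 executives=EXECUTIVES, max_distance=2):
    """Return a reason string if the From: header looks like CEO fraud, else None."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable address"
    domain = addr.rsplit("@", 1)[1].lower()

    # Genuine internal mail: the domain is exactly the company's own.
    if domain == company_domain:
        return None

    # Same domain once homoglyph tricks are undone (exarnple vs example, c0rp vs corp).
    if normalize(domain) == normalize(company_domain):
        return f"homoglyph lookalike domain: {domain}"

    # Small typo-squat distance (missing hyphen, swapped letter) but not identical.
    dist = levenshtein(domain, company_domain)
    if 0 < dist <= max_distance:
        return f"lookalike domain (edit distance {dist}): {domain}"

    # Company name embedded in a longer attacker-controlled domain.
    plain = re.sub(r"[^a-z0-9]", "", domain)
    if re.sub(r"[^a-z0-9]", "", company_domain) in plain:
        return f"domain embeds company name: {domain}"

    # An executive's display name arriving from any external domain.
    if name.strip() in executives:
        return f"executive display name from external domain: {name} <{addr}>"

    return None


if __name__ == "__main__":
    # Constructed sample headers for a quick run.
    samples = [
        "Jane Doe <jane.doe@example-corp.com>",
        "Jane Doe <jane.doe@exarnple-corp.com>",
        "CEO <ceo@example-c0rp.com>",
        "Jane Doe <jane.doe@examplecorp.com>",
        "Jane Doe <jane.doe@gmail.com>",
        "Bob <bob@partner.org>",
    ]
    for s in samples:
        print(f"{s!r:45} -> {check_sender(s)}")
```

In practice such a rule belongs in the mail gateway as a quarantine or warning-banner trigger rather than a hard reject, since a legitimate partner domain can occasionally sit within the edit-distance threshold; the callback verification listed above remains the control that actually stops the payment.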

In addition to the human vulnerabilities that CEO fraud typically exploits, there are technical vulnerabilities that frequently serve as the attackers' entry point.

It is therefore important to identify and eliminate potential vulnerabilities in good time. Regular, automated security checks can help with this.
