Most businesses are now aware of the importance of cyber security and have taken steps to protect their systems against malware. But email impersonation, also known as CEO fraud, poses an additional challenge, and traditional security software alone may not be an adequate defence.
What is CEO Fraud?
Also known as Whaling, CEO fraud is the criminal act of attempting to trick a company employee into believing they’ve received an email request from a senior leader within their business. It’s often aimed at employees in finance or accounts, who have access to banking details, and will typically request an urgent bill payment or money transfer.
This method of social engineering is effective because it plays upon our tendency to trust and help others, and particularly the desire to impress our superiors. Even if the recipient finds the request unusual, they may be uncomfortable questioning the CEO of their business.
Furthermore, messages can be convincing. Correct names, titles and spoofed email domains add authenticity, and content is often cleverly written to avoid spam filters.
The Impersonation Threat
Email impersonation is becoming more widespread and poses a significant financial risk to companies. In a recent government report, 32% of those surveyed said that they had been the target of organisational impersonation.
Action Fraud UK reported that approximately £32 million was lost by businesses within a six-month period at the start of 2016. The average loss was around £35,000.
The upcoming General Data Protection Regulation (GDPR) will force businesses to report attacks of this nature. If the fraud successfully targets customer data, companies could find themselves facing hefty fines up to 4% of global annual turnover, as well as reputational damage.
The Importance of Education
The primary method of combating CEO fraud is through employee education and by having clearly defined processes. Impersonation scams are highly dependent on coercing the recipient to take action. If the recipient has a clear understanding of safeguard processes, the odds of the fraudster succeeding diminish.
Employees should be able to identify the warning signs of fraudulent emails, and businesses should have safeguards in place, such as:
- Domain name or header anomalies
Domain spoofing is a common tactic used to dupe busy employees – it’s easy to miss a slight change in the appearance of an email address. For instance, ‘yourcompany.co.uk’ could be ‘yourrcompany.co.uk’.
- Implementing a two-stage authorisation process
This is an excellent way to combat CEO fraud: it forces a second person to review and verify every financial request, which can significantly reduce risk. Lowering the monetary amount employees can approve without secondary authorisation also helps.
- Adopt a “better safe than sorry” mentality
Employees should not be afraid to double check with their CEO if a request seems unusual. Remember the saying: more haste, less speed.
Expert Solutions and Advice
A business-grade anti-spam product can help to block malicious or fraudulent emails. At Air-IT, we advocate a layered approach to cyber-security that covers the many types of attack vector, including ransomware, phishing, spam and web redirection. Whaling (another term for CEO fraud) is particularly difficult to safeguard against because it lacks the traditional characteristics of spam: it carries no malware, and it can be highly targeted.
Sam Reed, Chief Technology Officer at Air-IT comments:
“CEO fraud is on the rise. There is no single answer to this issue and businesses need a combination of employee education, transparent processes, and security solutions to ensure they are protected.
As Mimecast partners, we’re delighted to be able to offer a solution that is enhanced with the most advanced email security capabilities to offer our clients and end users the very highest levels of protection from a wide range of email-borne threats, including defence against impersonation scams.”
Email Security from Air-IT
At Air-IT, we partner with Mimecast, an industry-leading provider of cloud-based email security which offers protection from a wide range of threats.
Mimecast Impersonation Protect is able to identify the markers of an impersonation email, whilst also protecting against traditional malware.
Indicators of a fraudulent email include domain irregularities, sender spoofing and certain keywords. Mimecast examines all of these messaging features and more. If any warning signs are detected, emails can be quarantined or marked as suspicious to alert the user.
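As an added illustration (not code from the article, from Air-IT or from Mimecast), the Python script below checks a raw email for the warning signs described above: a lookalike sender domain such as ‘yourrcompany.co.uk’, a known executive’s display name on an unfamiliar address, a Reply-To header that routes replies to another domain, and urgent money-transfer language. It then decides whether to deliver, flag or quarantine the message, in the spirit of the quarantine-or-mark behaviour just described. The trusted domain list, executive directory, keyword list, similarity threshold and both sample messages are constructed assumptions; a real gateway would also weigh signals this script does not, such as SPF/DKIM/DMARC results and domain age.

```python
"""Lightweight CEO-fraud indicator check over raw email text (added example).

All configuration and sample messages below are constructed for illustration;
none of it comes from the original article.
"""
import difflib
import email
from email import policy
from email.utils import parseaddr

# Constructed configuration: replace with your own domains and directory.
TRUSTED_DOMAINS = {"yourcompany.co.uk"}
EXECUTIVES = {"jane smith": "jane.smith@yourcompany.co.uk"}  # hypothetical CEO
URGENCY_KEYWORDS = ("urgent", "wire transfer", "bank transfer", "payment", "confidential")
LOOKALIKE_THRESHOLD = 0.85  # similarity ratio above which a domain counts as "close"

# Constructed sample: lookalike domain, executive display name, foreign Reply-To,
# urgent money request. Not a real message.
SUSPICIOUS_MESSAGE = """\
From: Jane Smith <jane.smith@yourrcompany.co.uk>
Reply-To: Jane Smith <ceo.jane@webmail.example>
To: accounts@yourcompany.co.uk
Subject: Urgent payment required today

Hi, I need you to process an urgent wire transfer before 3pm.
Please keep this confidential and call me only after it is done.
"""

# Constructed sample of an ordinary internal message.
LEGITIMATE_MESSAGE = """\
From: Jane Smith <jane.smith@yourcompany.co.uk>
To: accounts@yourcompany.co.uk
Subject: Board minutes

Attached are the minutes from Tuesday's meeting. Thanks.
"""


def domain_of(address):
    """Return the lowercased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def lookalike_domain(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` closely resembles, else None.

    An exact match is not a lookalike. difflib's ratio catches single-character
    insertions, swaps and substitutions such as yourrcompany.co.uk.
    """
    if not domain or domain in trusted:
        return None
    for candidate in trusted:
        ratio = difflib.SequenceMatcher(None, domain, candidate).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            return candidate
    return None


def analyse(raw_message):
    """Return a dict of indicator name -> detail for every warning sign found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = {}

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Domain anomaly: the sender domain is a near miss of a trusted domain.
    target = lookalike_domain(from_domain)
    if target:
        findings["lookalike_domain"] = f"{from_domain} resembles {target}"

    # 2. Display-name impersonation: a known executive's name on another address.
    expected = EXECUTIVES.get(display_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings["display_name_mismatch"] = f"'{display_name}' expected {expected}, got {from_addr}"

    # 3. Header anomaly: replies are routed to a domain other than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings["reply_to_mismatch"] = f"Reply-To domain {domain_of(reply_addr)} != {from_domain}"

    # 4. Content: urgency and money-movement language in the subject or body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg.get('Subject', '')} {body}".lower()
    hits = [kw for kw in URGENCY_KEYWORDS if kw in text]
    if hits:
        findings["urgency_keywords"] = hits

    return findings


def verdict(findings):
    """Quarantine when a sender-identity indicator combines with urgency language."""
    identity = {"lookalike_domain", "display_name_mismatch", "reply_to_mismatch"}
    if identity & findings.keys() and "urgency_keywords" in findings:
        return "quarantine"
    if findings:
        return "flag"
    return "deliver"


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        found = analyse(raw)
        print(label, "->", verdict(found))
        for name, detail in found.items():
            print("  ", name, ":", detail)
```

The verdict deliberately requires two independent signals before quarantining: urgency language alone appears in plenty of genuine accounts traffic, and a lone Reply-To mismatch is common with ticketing systems, so a single indicator only flags the message for the user, matching the “marked as suspicious” option described above.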
Additional features available in Mimecast include integration with other cloud-based applications, such as Office 365. This offers email risk management in a single, fully integrated subscription service, reducing the cost and complexity of safeguarding and administering your business email.
Contact us today
If you would like to discuss your email security or our full range of Cyber Security services in more detail, then please do not hesitate to contact us on 0115 880 0044. We will be more than happy to help and advise you further.
Other useful resources
Alternatively, for more information on Whaling and CEO fraud, please download the free ebook from Mimecast below: Free ebook - Whaling: Anatomy of an Attack