As an attack, the CEO email wire fraud attack couldn't be simpler. There's no malware to write and no malicious code or links to implant. It's a text-only email, plain and simple – but it’s the social engineering that makes it work.
Due to its simplicity, these spoofing attacks are one of the fastest growing forms of cyberfraud. According to the most recent FBI alert, in the last 15 months, the FBI says Business Email Compromise attacks (BECs, for short), often CEO spoofing emails aimed at wire fraud, have increased 270 percent.
A typical CEO fraud attach. Image: Phishme
Don’t Be a Victim
The business e-mail compromise scam has resulted in companies and organizations losing billions of dollars. But as sophisticated as the fraud is, there is an easy solution to thwart it: face-to-face or voice-to-voice communications.
"The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone," said Special Agent Martin Licciardo. "Don't rely on e-mail alone."
Here are other methods businesses have employed to safeguard against BEC:
- Create intrusion detection system rules that flag e-mails with extensions similar to company e-mail. For example, legitimate e-mail of abc_company.com would flag fraudulent e-mail of abc-company.com.
- Create an e-mail rule to flag e-mail communications where the "reply" e-mail address is different from the “from” e-mail address shown.
- Color code virtual correspondence, so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another.
- Add additional two-factor authentication to verify changes in vendor payment location, such as having secondary sign-off by company personnel.
- As a part of two-factor authentication, use phone verification to confirm requests for transfers of funds; use previously known numbers, not the numbers provided in the e-mail request.
- Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.
Source(s): www.fbi.gov; https://blog.cloudmark.com.