CEO Fraud, the latest scam targeting companies throughout the nation, is one in which hackers impersonate corporate executives to trick employees into sending confidential tax information. According to the FBI, this form of attack targets “businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
Between 2015 and 2016, the FBI recorded a 1300% increase in CEO fraud. With incidents of this type of fraud occurring in every state of the U.S., as well as at companies in 100 other countries, it’s important to recognize and prepare for these types of attacks. According to KnowBe4, there are four main attack methods:
Phishing: This attack method relies on sending emails to many users to try and “fish” their personal information, such as social security numbers. In most cases, these emails appear legitimate, with realistic logos and titles, and oftentimes mimic banks, credit card providers, delivery firms, and the IRS.
Spear Phishing: Spear phishing is a much more targeted and personalized type of hack attack. Each hacker who employs this method spends a significant amount of time researching their targets to create highly customized emails that are much more likely to be clicked on.
Executive Whaling: In this attack method, cybercriminals target corporate executives and administrators to steal confidential data. Similar to spear phishing, substantial research goes into the hacking process.
Social Engineering: This is the process cybercriminals use to gather information for personalized attacks. It includes extracting information from social media sites like LinkedIn, Facebook, and Twitter. As hackers browse through their target’s pages, they will note contact information, connections, friends, and any other valuable information they can find.
Although CEO fraud has the highest incident rate, cybercriminals may also target the following groups:
Finance Department: According to the FBI, hackers are targeting businesses that regularly wire transfer payments—and those in the finance department are usually the employees doing this.
Human Resources Department: HR is becoming a highly targeted department, as these employees manage the company’s employee database and recruitment process. They view thousands of resumes a year, so malicious links and downloads can be easily incorporated into fake job applications.
IT Department: In most cases, the IT department manages the company’s passwords, email accounts, and access controls. Hackers see this as a great opportunity because once an IT email account is compromised, they gain access to the entire organization.
To prevent a cybercriminal from breaching your company’s network, whether you’re a CEO or HR manager, it’s important to educate all employees and update every security system. For more information about how to avoid CEO fraud, or to learn more about security system updates, contact one of our IT specialists and sign up for a security checkup below.