Posted by A-Jay Orr

Just How Big Of A Problem Is CEO Fraud?

CEO Fraud is shaping up to be a big problem for businesses this year. How big?

Recently, hackers stole $5.9 million thanks to a spoofed email claiming to come from the CEO of the company. The executive who fell for it lost his job. In another case, a manufacturer lost $44 million after falling for an email that looked like a legitimate payment request from headquarters. Unfortunately, these examples aren’t anomalies.

We’re talking about attacks in all 50 states and 131 countries big…
Billions of dollars in losses big…
People losing their jobs big…

And yet, many business leaders still don’t know exactly what it is, how to protect themselves, or what to do in the event of an attack. Consider this your crash course.


Terms you need to know for this article:

  • CEO Fraud: a ploy that involves tricking top-level executives into making a large wire transfer into what turns out to be a bogus account.
  • Business email compromise (BEC): a common form of CEO fraud that exploits a corporate email account and assumes the owner’s identity to defraud the company.
  • Phishing attack: sending fraudulent emails to a specific individual or department within your organization. These emails appear to be from a trusted sender. In reality, they’re from cybercriminals attempting to steal confidential information.
  • Social Engineering: The act of manipulating people using social interaction to gain confidential information.

The Facts

  • Business email compromises currently amount to $5 billion in losses that involve 40,000 victims.
  • BECs are projected to exceed $9 billion in 2018.
  • On average, only 4% of funds are recovered.

Attacks are proliferating. They’re becoming more sophisticated. And according to cyber scum, they’re not terribly difficult to execute. Why? Because people are complacent and under-educated on security measures. They don’t know what the red flags look like. And there aren’t proper security policies and procedures in place to prevent attacks from being carried out successfully.


The Most Common Targets

  • Finance Department: Because of their access to financial accounts.
  • HR Department: Because of their access to every person within the organization.
  • Executive Team: Because of their authority.
  • IT Department: Because of their access to controls, credentials, and accounts.

Tips For Prevention

Identify High-Risk Users
Before you can protect your business, you need to know where your greatest risks lie. Use the targets above to guide your process for identifying these individuals.

Put Technical & Procedural Controls In Place
Technical controls include email filtering, two-factor authentication, firewalls, site-blockers, etc. These measures are important, but they are not foolproof. Your IT department is a major part of this step, as keeping software up-to-date and technical controls in working order is your first defense. But one of the greatest mistakes businesses make is stopping their security initiative here. Keep going!

Create And Implement a Security Policy
You might think it’s common sense, but a policy that clearly states your expectations related to internet use and other security measures should be created, distributed, and regularly discussed. In this policy, include instructions on not opening attachments or clicking on links from an unknown source, not using USB drives on office computers, password management, and more.

Train Every Single Employee (Including Leadership)
Even with every possible security solution in place, your most likely culprit, and therefore your greatest risk, is your users. Make training a key part of your security strategy.

PRO TIP: Create simulated phishing attacks to train and test your employees. Address employees who fall for the attack and retest regularly. If employees know they may be tested, they are more likely to remain vigilant.

Unfortunately, this information is just the tip of the iceberg. We created an entire CEO Fraud Prevention Manual that you can download for free by clicking here. Use this manual to train your employees and leadership team. 2018 is shaping up to be an even tougher year for cybersecurity, but knowledge is power. Stay sharp!