$2.4 billion damage: When the fake CEO requests money

According to the FBI, CEO fraud is the most costly online scam, with fraudsters causing a total of $2.4 billion in damage in 2021. Here, a scammer requests a large transfer from a company employee through the CEO's channels or under the CEO's identity. ESET shows how companies can get a grip on the threat.

When it comes to IT security, people are usually the weakest link in the chain. This also applies to social engineering, a form of phishing. According to the FBI, CEO fraud, a variant of social engineering, caused more damage to victims in 2021 than any other form of cybercrime. Although this scam ranks only ninth among the cybercrime types of the year in terms of the number of reported crimes, the criminals caused by far the highest damage, at $2.4 billion. It is followed by investment fraud with $1.5 billion.

CEO fraud – the CEO is even impersonated

“A third of all damage caused by cybercrime is based on CEO fraud. The pressure of a manager or senior executive immediately asking an employee to make a transfer doesn't make them think about the consequences of their own actions,” said Thomas Uhlemann, Security Specialist at ESET. “Deepfakes, i.e. artificially created audio and video files in which faces or voices are manipulated, are now cheap to produce for the perpetrators. We are already aware of cases where fake audio files have been used. It can be assumed that these methods and fake videos will be used even more frequently in the future.”

What is CEO Fraud?

CEO fraud (also known as Business Email Compromise, BEC) is a scam in which perpetrators use false identities to manipulate company employees into transferring money. The perpetrators usually pretend to be the boss or a manager of the respective company. They ask employees by e-mail or fax to initiate an urgent transfer. The perpetrators have often obtained sensitive data from the target company in advance and have precise knowledge of the organizational structure. Both flattered and pressured by the perceived importance, the unsuspecting employee makes the payment.

Three tips from the ESET security experts

  • Pay attention to what information about your company is public, including what employees post on social networks, for example.
  • Larger payment transactions should always be approved by two employees.
  • Invest in advanced security solutions that also detect attacks using social engineering methods.


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
