Let’s begin with a scenario more and more of you, regrettably, can likely relate to. You see an email in your inbox that has your colleague’s or boss’s name on it, asking you to do something. Maybe it’s asking you to purchase a number of e-gift cards for employee rewards, as happened to a customer of ours quite recently. Of course your boss needs these cards urgently, so you drop everything, go to Amazon.com and acquire said e-gift cards immediately. You’re about to send hundreds of dollars’ worth of Amazon money to the requester, who you think is your boss but is actually a fraudster impersonating your boss, when your spidey-sense begins to tingle and you stop and confirm with your boss in person whether the cards were indeed requested legitimately. In fact no, your boss informs you; they had zero knowledge of this and ask you to report the email to IT immediately.
This is a real-life example of what CEO Fraud looks like, and the FBI recently reported a 1300% rise in losses from fraud of this sort. There are three methods of this type of attack, all a variety of what is referred to as phishing:
Phishing is the act of sending out emails to many recipients in an attempt to retrieve valuable and/or sensitive information through the impersonation of a reputable source. These emails can look quite official and appear to legitimately come from the impersonated source.
This is a far more targeted approach to phishing in which the bad actor has learned their target’s communication style; it typically comes in the form of outright impersonation of a high-level individual within an organization, a “C”-level employee. The email goes to a specific individual or group in an attempt to steal either money or sensitive organizational or customer data. Often the “friendly name” of the email looks exactly the same as what you would see from the actual employee, but underneath that friendly name is a bogus email address.
Spearing is a more focused version of phishing, perhaps targeting an accounts payable department or a person within an organization. These emails can even include the appropriate person’s name, furthering the seeming legitimacy of the email.
All of that sounds pretty darn scary, right? Well, good news: Cadan Technologies has just rolled out CEO Fraud Protection as a part of our Securence Anti-Spam & Anti-Phishing Solution. CEO Fraud Protection allows friendly names to be tied to only one allowable email address and quarantines everything else.
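To make the friendly-name rule concrete, here is a minimal sketch of that kind of check, added for illustration; it is not Securence code. The `PROTECTED` table, the function names, and the sample messages are all constructed for this example.

```python
import unicodedata
from email import message_from_string, policy

# Hypothetical policy table: protected friendly name -> the one allowed address.
PROTECTED = {"jane doe": "jane.doe@example.com"}

def normalize(name: str) -> str:
    """Fold case, Unicode compatibility forms and runs of whitespace so that
    variants such as 'JANE   Doe' still match the protected entry."""
    name = unicodedata.normalize("NFKC", name)
    return " ".join(name.casefold().split())

def verdict(raw_message: str) -> str:
    """Return 'quarantine' when a protected friendly name is paired with any
    address other than its single allowed one, otherwise 'deliver'."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if from_header is None:
        return "deliver"  # no From header: nothing for this rule to evaluate
    for addr in from_header.addresses:
        # display_name is already decoded from RFC 2047 encoded-words here.
        allowed = PROTECTED.get(normalize(addr.display_name))
        if allowed is not None and addr.addr_spec.casefold() != allowed:
            return "quarantine"
    return "deliver"

# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3\n\nHi\n",
    "spoof": "From: Jane Doe <ceo.office@mail.example.net>\n"
             "Subject: Gift cards\n\nNeed these urgently.\n",
    "encoded_spoof": "From: =?utf-8?q?JANE_DOE?= <jd@example.org>\n"
                     "Subject: Quick favor\n\nAre you at your desk?\n",
    "other": "From: Sam Lee <sam.lee@example.com>\nSubject: Lunch\n\nNoon?\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {verdict(raw)}")
```

The comparison is made on the decoded, normalized display name, so an encoded or differently cased version of a protected name is held to the same single allowed address.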
Interested in getting CEO Fraud protection for your organization? Contact your friendly Cadan Technology Consultant today!