CEO fraud email scams are on the rise.
CEO fraud, a new kind of corporate email security threat, has risen sharply in recent months. Also known as whale phishing, CEO fraud email scams impersonate individuals with access to financial information or other sensitive data into making wire transfers or divulging bank account numbers, credit card information, passwords and other highly valuable data via email. These CEO fraud scams often target or impersonate CEOs or CFOs, or other C-level executives.
The FBI reports that CEO fraud and whaling attack instances increased by 270% between January and August 2015, and that losses due to these scams exceeded $1.2 billion in just over two years1. As organizations seek ways to prevent CEO fraud, many companies are turning to email security solutions from Mimecast.
Stop CEO fraud with Mimecast.
Mimecast provides security, archiving and continuity cloud services that protect business email and deliver comprehensive email risk management in a single subscription service.
Mimecast Targeted Threat Protection with Impersonation Protect offers highly effective defenses to combat CEO fraud, improve whaling security. Impersonation Protect scans inbound email for key indicators that suggest the message may be part of a CEO fraud attempt. These include:
- The display name, or friendly name, which may reveal that an attacker is trying to spoof and internal email address.
- The sender’s domain name. Attackers will often use a domain name that is very similar to the recipient’s domain name, with small differences that may not be noticed immediately.
- The registration date of the sending domain name. Newly registered domains are often used in CEO fraud and may indicate that the message is suspicious.
- Certain words such as “bank transfer” or “wire transfer” in the body of the message that may indicate the message is part of an attack.
Features of Mimecast’s solution for CEO fraud.
Mimecast’s Impersonation Protect helps to prevent CEO fraud by delivering:
- Real-time protection against social engineering attacks that do not use typical tactics such as malware, malicious URLs and weaponized attachments.
- Complete control over how suspicious messages are handled. Messages may be bounced, quarantined or tagged as suspicious to alert users to the possibility of a fraud attempt.
- Comprehensive protection from Mimecast’s threat intelligence infrastructure and Messaging Security teams.