CEO fraud email scams are on the rise.
CEO fraud, a new kind of corporate email security threat, has risen sharply in recent months. Also known as whale phishing, CEO fraud email scams impersonate senior executives to trick individuals with access to financial information or other sensitive data into making wire transfers or divulging bank account numbers, credit card information, passwords and other highly valuable data via email. These CEO fraud scams often target or impersonate CEOs, CFOs or other C-level executives.
The FBI reports that CEO fraud and whaling attack instances increased by 270% between January and August 2015, and that losses due to these scams exceeded $1.2 billion in just over two years[1]. As organizations seek ways to prevent CEO fraud, many companies are turning to email security solutions from Mimecast.
Mimecast provides security, archiving and continuity cloud services that protect business email and deliver comprehensive email risk management in a single subscription service.
Mimecast Targeted Threat Protection with Impersonation Protect offers highly effective defenses to combat CEO fraud and improve whaling security. Impersonation Protect scans inbound email for key indicators that suggest the message may be part of a CEO fraud attempt. These include:
Mimecast’s Impersonation Protect helps to prevent CEO fraud by delivering:
What is CEO fraud?
CEO fraud is a type of cybercrime where attackers impersonate a company’s executives in order to trick an employee into sending unauthorized wire transfers or divulging sensitive information. The FBI reports that between 2016 and 2019, CEO fraud (also known as Business Email Compromise, or BEC) resulted in $26 billion in losses for companies worldwide.[i]
How does CEO fraud work?
CEO fraud is a highly targeted form of spear-phishing in which attackers research potential victims and their companies online, learning everything they can from the organization’s website and from social media sites such as LinkedIn, Facebook and Twitter. Targets are typically mid-level staff members in the financial, accounts payable or human resources department. Attackers craft a highly realistic-looking email that appears to come from the company’s CEO or another high-level executive and use the information learned about the target to make the email seem authentic. The email urges the recipient to take immediate action: transfer money to a specific account, provide sensitive information such as payroll or tax data, or share credentials that give attackers access to corporate systems. Because these CEO fraud attacks emphasize urgency, secrecy and/or confidentiality, employees are often inclined to act without double or triple checking that the request is legitimate.
How to recognize a CEO fraud attack?
CEO fraud is much harder to recognize than common phishing emails that are sent to hundreds or thousands of recipients. The request may even come from a legitimate email address that has been hacked by attackers. However, there are several hallmarks of CEO fraud that all employees should look out for.
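As an added illustration (not Mimecast's code or the page's own material), the script below checks an inbound message for the kind of impersonation indicators the text describes: an executive's display name on an address that is not the executive's, a lookalike sender domain, a diverging Reply-To, and urgency or secrecy language. The company domain, executive roster, pressure phrases, similarity threshold and the two sample messages are all assumptions constructed for the example.

```python
import email
from difflib import SequenceMatcher
from email import policy
from email.utils import parseaddr

# Assumed inputs, constructed for this example: own domain, executive roster, pressure phrases.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
PRESSURE_TERMS = ("urgent", "immediately", "wire transfer", "confidential", "keep this between us")

def impersonation_indicators(raw_message: str) -> list[str]:
    """Return the heuristic indicators triggered by one RFC 5322 message (indicator names are ours)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    found = []
    # Known executive's display name on an address that is not that executive's real one.
    if name.lower() in EXECUTIVES and addr.lower() != EXECUTIVES[name.lower()]:
        found.append("exec-display-name-mismatch")
    # Sender domain is not ours; near-matches (typosquats) are flagged apart from plain external mail.
    if domain and domain != COMPANY_DOMAIN:
        similar = SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() >= 0.8
        found.append("lookalike-domain" if similar else "external-domain")
    # Reply-To routes the answer somewhere other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        found.append("reply-to-diverges")
    # Urgency / secrecy / payment language in the subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if any(term in text for term in PRESSURE_TERMS):
        found.append("pressure-language")
    return found

# Constructed sample messages: one impersonation attempt, one genuine executive request.
FRAUD_SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: ceo-private@mail.example.net
Subject: Urgent wire transfer - confidential

I need you to process a wire transfer immediately. Keep this between us.
"""
LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example.com>
Subject: Q3 budget review

Please send me the Q3 budget summary when convenient.
"""
```

None of these header checks fires when the request comes from a genuinely compromised executive mailbox, which is why the page's out-of-band verification of any payment or data request remains necessary.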
How to prevent CEO fraud?
Effectively preventing CEO fraud requires multiple layers of protection that may include:
How to report CEO fraud?
Attempted or successful CEO fraud attacks should be reported immediately to a company’s IT department, to senior leadership (including the person whose identity was impersonated) and to the bank from which any funds were transferred.
Attacks should also be reported to government agencies working to stop cybercrime such as the Cybersecurity and Infrastructure Security Agency (email@example.com), the Federal Trade Commission (www.ftc.gov/complaint) and the Anti-Phishing Working Group (www.antiphishing.org/report-phishing).