The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
The dangers of CFO fraud.
CFO fraud is a new kind of cyber threat that seeks to defraud companies by targeting high-level financial administrators. Collectively known as "whaling," CFO fraud and similar attacks on CEOs and other top executives seek to compromise an organizations security by duping members of finance teams into wiring cash to hackers and cyber criminals. 1These types of attacks have risen sharply in the past couple of years — the FBI's Internet Crime Center of IC3 reported in August 2015 that successful attacks had increased by 270% since the beginning of the year.
CFO fraud usually begins with a spear-phishing email that appears to be from the CFO or another high-ranking executive and requests a wire transfer be made to an account that is later discovered to be fraudulent.
Preventing CFO fraud requires more than employee education, as nearly one-quarter of employees continue to open spear-phishing emails even after receiving training to spot such fraudulent attempts. To prevent spear phishing and CFO fraud, organizations need powerful phishing protection that can eliminate the potential for human error in identifying and responding to suspicious emails.
That's where Mimecast can help.
Mimecast Targeted Threat Protection with Impersonation Protect is Mimecast's solution for CFO fraud and other kinds of whaling attacks. This powerful service scans all email and uses key indicators to determine whether the content of an email is likely to be part of a CFO fraud or other kinds of attacks that use social engineering such as spear-phishing andvirus ransomware.
To stop phishing emails and CFO fraud, Mimecast scans each message for specific signs of fraud. These indicators include:
When an email is deemed suspicious, Mimecast can block it, bounce it or tag it as suspicious to ensure that employees receiving the email are not tricked into making fraudulent wire transfers or revealing sensitive employee data.