
Matt's Blog

CEO Fraud - What is it? How to protect against it!


Cyber criminals have become very clever over the past few years and have developed some very cunning little tricks to dupe their victims; one such trick is CEO fraud. It's a very real threat which, according to the FBI, costs the average targeted business $120,000 and has cost in excess of $2.3Bn over the past 3 years.

As with all IT security warnings, most figures we see are very Americanised, but CEO fraud is a very real threat to UK businesses too, with over £32 million reportedly being lost to this kind of attack. Worryingly, it's likely that the true figure is far greater, as firms may not report the loss to the authorities or may not even realise they have lost the money yet.

So what is it? It's called CEO fraud because the attacker purports to be a senior member of staff (maybe the CEO); attacks are often carried out using phone calls and email. The attacker makes contact with their "target" several times and builds up the picture of a "deal" before they actually make the request for the money to be transferred. This means that the targeted member of staff is expecting a request to transfer funds to an account, so when the attacker makes that request it doesn't seem out of the ordinary and the target complies.

These kinds of attacks work better in larger organisations as there are more likely to be senior staff involved whom the targeted staff member may never have met.

It's common for the attacker to use Gmail, Yahoo or other generic email accounts to communicate, BUT some highly sophisticated attacks have been reported where the attackers have spent months learning the target organisation, hacking the mail system and actually monitoring the communications between certain individuals, learning the kinds of words, deals etc. that are discussed. Once a big enough picture has been built up, the attacker chooses very carefully the moment to send a message containing their bank details. They may even be clever enough to simply alter a legitimate message that was sent, so nobody knows there is anything wrong until the money that has been sent never arrives with the legitimate recipient.

This kind of attack is very difficult to guard against 100% as they can take many different forms but our top 5 tips for avoiding CEO fraud are:-

  • If a new senior member of staff makes contact with you, verify that they really do work for your organisation!
  • Always double check the email address that sent you a request for payment. If it's come from a known person but from a new email address that they haven't used before, alarm bells should be ringing; ask them if it's legitimate (preferably face to face).
  • Discuss the deal with other senior members of the organisation to ensure it is a legitimate deal.
  • Make sure that your email system is secure and cannot be compromised.
  • Always double check before you send money to an account that you've not sent to before.
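As an added example (not part of the original post), the following Python script applies the second and fifth tips mechanically before a payment is approved: it flags a known contact writing from an address they have never used before, a sender on a generic webmail domain, and a payment request naming a bank account the organisation has never paid. The contact list, payee accounts, keyword list and sample messages are all constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed reference data standing in for what an organisation already knows.
KNOWN_SENDERS = {"jane smith": {"jane.smith@example-corp.co.uk"}}  # contact -> addresses seen before
KNOWN_PAYEE_ACCOUNTS = {"12345678"}                                 # account numbers paid before
FREEMAIL_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "yahoo.co.uk", "hotmail.com", "outlook.com"}
PAYMENT_WORDS = re.compile(r"\b(transfer|wire|payment|bank details|invoice|urgent)\b", re.I)
ACCOUNT_NUMBER = re.compile(r"\b\d{8}\b")  # UK-style 8-digit account number


def assess_message(from_header, subject, body, known_senders=KNOWN_SENDERS, known_accounts=KNOWN_PAYEE_ACCOUNTS):
    """Return a list of warnings for a payment-related email; an empty list means nothing was flagged."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    domain = addr.rpartition("@")[2]
    text = f"{subject}\n{body}"
    warnings = []
    # Tip 2: a known person writing from an address they have never used before
    if name in known_senders and addr not in known_senders[name]:
        warnings.append(f"'{name}' is a known contact but {addr} has not been used by them before")
    # The article notes attackers commonly use generic webmail accounts
    if domain in FREEMAIL_DOMAINS:
        warnings.append(f"sender domain {domain} is a generic webmail service")
    # Tip 5: money requested for an account the organisation has never paid before
    if PAYMENT_WORDS.search(text):
        new_accounts = sorted(set(ACCOUNT_NUMBER.findall(text)) - known_accounts)
        if new_accounts:
            warnings.append(f"payment request names account(s) never paid before: {', '.join(new_accounts)}")
    return warnings


# Constructed sample messages: one matching the pattern described above, one routine.
SAMPLE_FRAUD = dict(
    from_header='"Jane Smith" <jane.smith.ceo@gmail.com>',
    subject="Urgent transfer",
    body="Please send the deposit today. Sort code 20-00-00, account 87654321.",
)
SAMPLE_OK = dict(
    from_header='"Jane Smith" <jane.smith@example-corp.co.uk>',
    subject="Invoice 42",
    body="Payment to account 12345678 as usual.",
)

if __name__ == "__main__":
    for label, msg in (("suspicious", SAMPLE_FRAUD), ("routine", SAMPLE_OK)):
        print(label, "->", assess_message(**msg) or ["no warnings"])
```

The checks are only a prompt for the human verification the tips call for; a message that passes them can still be fraudulent, for example when a legitimate mailbox has been compromised.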

A major part of protection against this kind of fraud is education: make sure that your staff are in tune with the kinds of scams they could be vulnerable to. If they haven't been educated about some of the threats that are out there, then they can't really be held accountable if they are tricked.

Attackers and fraudsters are using very sophisticated methods to take your money from you. Don't make it easy for them!

© ICTUK 2016
ICTUK Unit 5C, Barnfield Way, Ribbleton, Preston, PR2 5DB