Preparing employees for security breaches - the "CEO Scam"
Almost everyone has heard of the Nigerian Prince scam.
This scam has not only been used via the internet, but also through fax and traditional mail, making the elderly prime targets and victims for this sort of scam. However, cyber criminals are growing more cunning with time - targeting businesses and specific individuals within businesses they deem to be vulnerable.
Cyber criminals targeting individuals
The Nigerian Prince scam, while still in existence, is no longer at the forefront of most cyber-criminal strategies. As time has gone on, internet users have become more savvy and aware of the warning signs of a “phishing” scam. This has meant that online fraudsters have had to evolve their strategies and refine their criminal activities in order to successfully steal your money.
How cyber criminals are targeting businesses today
The best scams back in the day would use information from either publicly trusted figures or authoritative members of society and present that information to the would-be victim in a way that suggested it was sent by that figure or authority. Today, it’s reasonably easy to detect this sort of online scam and completely ignore it.
But how about this:
Let’s say you’re at work, just going about your daily tasks and then an email lands in your inbox from your employer.
The email has all the quirks and writing mannerisms you've come to expect, so nothing about the email raises any alarm. You continue reading the email as it talks generally about a project that you have been working on with your employer.
One thing that stands out - your employer is requesting that you send a hefty amount of money from the business to an account you have never seen before. Your employer is making it a point that the transaction is urgent, and must be done soon.
You reply to the email promptly, completing the transaction to remain compliant with your employer's urgent request. Usually, you would want to talk to your employer before sending such a large sum of money to an account - but the apparent urgency in the email caused you to compromise standard procedure.
The money disappears and you and your employer have no clue how something like this could have happened.
What is “CEO Scamming”?
CEO scamming has become an extremely successful stream of revenue for online fraudsters looking to pull big bucks quick. Our favourite cyber criminals pour their time into investigating and studying their targets (businesses) by gathering information on the CEO/Director/General Manager of the business. They then use this unique information to coerce employees into releasing sensitive information or funds through email.
Some craftier scammers (like the example above) study the figureheads of the business they are targeting to create a believable narrative in their emails. The effort they go through to emulate business figureheads often improves the likelihood of an employee complying with any given instructions before seeking a second opinion from a colleague or overseer.
How do I avoid the CEO Scam?
The best possible defense against this sort of scam is a healthy line of communication.
If you're an employee, is your boss:
- Easy to talk to?
- Approachable?
- Easily accessible?
If you’re a boss:
- Do you have a protocol in place for suspicious emails?
- Are your employees trained to detect potential phishing scams?
- Do you project yourself as approachable, reasonable, and available to your employees, especially concerning serious subjects such as money, health, and personal information?
If you find yourself agreeing with the bullet points above, you can rest easy knowing your business won’t be under major threat of a CEO Scam. However, if you feel that you can’t resolve at least one of the questions listed above with a positive answer, you may need to review those areas to better secure and protect your business.
About the author
Bryn Robinson deals directly with assisting small to medium business clients in relation to their Accounting, Taxation, and Business Growth through software and technology. If you’d like to speak with Bryn about growing your business, contact us.
I just replied to an associate and it was to one of these bogus emails which just arrived requesting a money transfer. Now these scammers have all my details and logos etc. to replicate, using me as their stooge (Tony Wolf Printing logos, I mean). Lucky I don't control many accounts. Ian
Thanks Bryn, a shame we have to consider these options but it is what it is, a good read and very helpful, thank you. Ian