
CEO Fraud: what is it and how to defend yourself

Published by HWG on 2 February 2022

In the last three years, according to the FBI, CEO Fraud attacks have caused companies $26 billion in damages. This is an astronomical figure that, according to security experts, could grow further in the coming months. To defend themselves, companies must act on two fronts: put in place adequate IT tools and provide strict control procedures in business processes.

How CEO Fraud works

From a purely technical point of view, CEO Fraud is a scam in which attackers impersonate the CEO or another senior executive. The ultimate goal is to send a fake communication that appears to come from the CEO and orders a payment that will, of course, end up in the attackers' pockets. The starting point of the attack is normally the theft of the victim's credentials for communication tools (typically email), obtained through spear phishing or more "aggressive" attacks that rely on trojans capable of stealing usernames and passwords. Once they can use the victim's email account, the attackers are ready to strike.

CEO Fraud: the study phase

In order to carry out CEO Fraud, cyber criminals first analyse the target. Their goal is to gain maximum credibility. With access to the email inbox, they can read all of the victim's correspondence and get an idea of the company's internal processes: they can find out who is responsible for payments, learn the procedures and study the way in which managers and employees communicate. In this way they will know, for example, whether email exchanges use a formal or a more "casual" tone, and they can record any information that may help them impersonate the victim without raising suspicion. Often, they also use this stage to choose the moment for the attack, for example taking advantage of a vacation period when the CEO is hard to reach.

The CEO phishing strategy

In defining the actual "hit," the attackers may adopt different tactics. In some cases, they choose the simplest and most direct route: sending, in the CEO's name, a payment order that has a regular vendor as the recipient but contains artfully altered bank details, so that the payment ends up in their own account. The risk of this strategy is that the employee may notice that the payment points to a different IBAN than usual and discover the scam. The alternative is to create more elaborate schemes that involve payments to entirely new recipients. To add credibility, fraudsters often provide detailed documentation and may even make telephone contact to make the whole operation look legitimate, up to the final "sting".

Countermeasures to defend against CEO Fraud

The fight against CEO Fraud takes place on two levels. The first is preventive and relies on protection tools such as multi-factor authentication, together with detection techniques (the most advanced are based on artificial intelligence and machine learning) able to identify spear phishing and malware attacks. Equally important, from this point of view, are tools that monitor access to the mailbox and can detect anomalous activity such as logins from foreign countries. The second level, still part of cyber security but seen from the perspective of company organisation, involves both awareness activities that sensitise managers and employees to the risk of CEO Fraud, and the adoption of policies and procedures that, for payment orders, require cross-checks (for example, verifying the bank details of suppliers) and authorisation by more than one person before a payment is executed.
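As an added illustration of the organisational controls just described (not code from HWG or from the original article), the following check holds a payment order when the supplier's IBAN differs from the one on file, when the IBAN itself fails its checksum, or when fewer than two approvers other than the requester have signed off. The vendor names and IBANs are constructed sample values; the ISO 13616 mod-97 check is the standard IBAN check-digit algorithm.

```python
from dataclasses import dataclass, field

# Constructed vendor master data: supplier -> IBAN on file (sample values, not real accounts).
VENDOR_MASTER = {
    "ACME Forniture": "IT60X0542811101000000123456",
    "Bianchi Logistica": "DE89370400440532013000",
}


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: rejects mistyped or fabricated IBANs."""
    s = iban.replace(" ", "").upper()
    if len(s) < 15 or not s.isalnum():
        return False
    rearranged = s[4:] + s[:4]                     # move country code + check digits to the end
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


@dataclass
class PaymentOrder:
    vendor: str
    iban: str
    amount: float
    requested_by: str
    approvers: list = field(default_factory=list)


def review_payment_order(order: PaymentOrder, master=VENDOR_MASTER, min_approvers: int = 2) -> list:
    """Return the reasons the order must be held; an empty list means it may proceed."""
    holds = []
    iban = order.iban.replace(" ", "").upper()
    if not iban_checksum_ok(iban):
        holds.append("IBAN fails checksum")
    known = master.get(order.vendor)
    if known is None:
        holds.append("vendor not in master data")
    elif known != iban:
        # This is the classic CEO Fraud pattern: known supplier, altered bank details.
        holds.append("IBAN differs from vendor master record")
    # Four-eyes rule: the requester cannot count as one of the approvers.
    distinct = {a for a in order.approvers if a != order.requested_by}
    if len(distinct) < min_approvers:
        holds.append(f"needs {min_approvers} approvers other than requester")
    return holds
```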

Tags: CEO Fraud, Incident Response
2021 © HWG Srl

HWG Srl | Via Enrico Fermi, 15/E - 37135 Verona | P.IVA 03820790230