
What can you do against CEO Fraud

Phishing attacks targeting businesses continue to grow. 30% of these attacks involve so-called CEO fraud: an employee of the finance department receives an e-mail that appears to be from their CEO. In the fake e-mail, the CEO urgently asks for an amount to be transferred.

CEO fraud requires a lot of preparation

Cybercriminals use different techniques and tactics to deceive people in organizations, with the aim of looting personal information, intellectual property or money. They usually target companies that work with foreign suppliers and make regular transfers. The criminals then take on different characters to create urgency and increase legitimacy. They prepare well for this by getting to know as much as possible about their characters.

They do research on social media such as LinkedIn, Facebook and Twitter, but also start e-mail and telephone communication in order to copy their character properly. Then they study the rest of the company: employees, suppliers, financial systems and the CEO's travel plans, because they ultimately strike when the CEO is not available.

A number of tips to prevent fraud

We give a number of tips on what you can do about this in the areas of technology, processes and people. To prevent yourself from becoming a victim, it is a must to set up your processes properly, so that deviations are immediately visible. If assignments from the CEO by e-mail are normal, agree that they will always be confirmed by telephone, by calling the CEO himself. Since the problem is broader than just CEO fraud, here are some additional tips:

  • Be careful about what is posted on social media and websites, especially details about job openings and hierarchical information. This can be easily trained in a workshop and with e-learning.
  • Look very carefully at e-mail messages, even if they appear to be from someone you know. Give your employees e-mail training so that they can assess this quickly.
  • Make your employees resilient and alert to internal and external fraud.
  • Using techniques such as DNSSEC, SPF, DKIM and DMARC can prevent spoofing of your domain name.
  • Consider digitally signing and encrypting emails. This prevents the interception, reading and modification of e-mails by others. It guarantees the recipient that the message is unaltered and from the sender.
  • Implement Two Factor Authentication (TFA) for corporate email accounts. Two-factor authentication is an extra layer of security, ensuring that you are the only person who can access your account, even if someone knows your password.
  • Provide an e-mail and web gateway. It prevents spam, but also access to questionable websites.
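
The tips on looking carefully at e-mail and on SPF, DKIM and DMARC can be combined into an automated check at the gateway. The sketch below is an added example, not code from this article: the function name, signal labels, sample messages and all domains are constructed, and it assumes every inbound message passes a gateway that stamps an Authentication-Results header with its own identifier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def ceo_fraud_signals(raw, company_domain, executives, trusted_authserv):
    """Return warning signals for one raw RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    signals = []
    # 1. An executive's name in the display name, but a foreign sending domain.
    if from_dom != company_domain and any(e.lower() in name.lower() for e in executives):
        signals.append("display-name-impersonation")
    # 2. Replies are steered to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        signals.append("reply-to-mismatch")
    # 3. DMARC verdict, read only from headers stamped by our own gateway:
    #    a sender can pre-insert Authentication-Results headers of their own.
    verdicts = []
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = hdr.partition(";")
        if authserv.strip().lower() == trusted_authserv:
            verdicts += re.findall(r"\bdmarc=(\w+)", results.lower())
    if from_dom == company_domain and "pass" not in verdicts:
        signals.append("own-domain-without-dmarc-pass")
    return signals

# Constructed sample messages; every domain and name below is a placeholder.
EXTERNAL = (
    'From: "Jane Doe (CEO)" <jane.doe@other-domain.test>\n'
    "Reply-To: jane.private@mail.test\n"
    "Authentication-Results: mx.example-corp.test; dmarc=pass header.from=other-domain.test\n"
    "Subject: Urgent transfer\n\nConstructed body.\n")
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example-corp.test>\n'
    "Authentication-Results: mx.sender.test; dmarc=pass header.from=example-corp.test\n"
    "Authentication-Results: mx.example-corp.test; dmarc=fail header.from=example-corp.test\n"
    "Subject: Urgent transfer\n\nConstructed body.\n")
GENUINE = SPOOFED.replace("dmarc=fail", "dmarc=pass")

def check(raw):
    return ceo_fraud_signals(raw, "example-corp.test", ["Jane Doe"], "mx.example-corp.test")

if __name__ == "__main__":
    for label, raw in (("external", EXTERNAL), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check(raw))
```

The first sample passes DMARC for its own domain and is still flagged, which is why domain authentication alone does not replace the telephone confirmation described above.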