Research by Allianz Trade shows that in 2023, 11% of all external frauds suffered by Dutch companies were CEO frauds. Half of the fraud claims submitted to the insurer Allianz were for more than €50,000. But what does CEO fraud entail, and how can you guard against it?
Theft through abuse of trust
Imagine this: your finance officer logs in on a Monday morning and finds an email from you asking him to transfer €40,000 to an account. Does he transfer the money immediately, or does he check first?
This scenario, and many variations on it, fall under the heading of CEO fraud. It is a form of digital crime that specifically abuses the trust placed in, and the authority of, management roles within your organization.
How does the attacker penetrate your organization?
Usually, scammers hack your mailbox or that of a manager in your company. Alternatively, the attacker registers a domain with a deliberate misspelling and creates an email address on it: the address looks very similar to yours, but is owned by the attacker. The attacker can then issue payment orders within your organization, hoping that your employee will not notice the misspelling in the sender address and will transfer the money.
Another common method is social engineering: attackers exploit the trust of your employees to gain access to your company data or systems. This method relies more on the credulity of your employees than on hacking technology.
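As an added illustration of the misspelled-domain trick (this script is not part of the original article; the trusted domain example-corp.com, the homoglyph table and the sample message are constructed assumptions), the following Python code parses a mail's From and Reply-To headers and flags sender domains that are near-misses of the company's own domain:

```python
"""Flag sender domains that are lookalikes of the company's own domain.

Added example; the trusted domain, homoglyph table and sample mail below
are constructed assumptions, not data from any real incident.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization's legitimate sending domains.
TRUSTED_DOMAINS = {"example-corp.com"}

# Character pairs that look alike in common fonts (illustrative, not exhaustive).
# Both the candidate and the trusted domain are normalized with this table,
# so "exarnple" normalizes to "example".
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insertions, deletions, substitutions) between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lowercase and collapse homoglyph tricks so near-copies compare equal."""
    s = name.lower()
    for fake, real in HOMOGLYPHS.items():
        s = s.replace(fake, real)
    return s


def registrable(domain: str) -> str:
    """Reduce 'mail.example-corp.com' to 'example-corp.com'.

    Assumption: no multi-label public suffixes such as .co.uk; use a public
    suffix list in production.
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', 'external' or 'unknown' for a sender domain."""
    domain = domain.lower().rstrip(".")
    if not domain:
        return "unknown"
    reg = registrable(domain)
    if reg in trusted:
        return "trusted"
    for t in trusted:
        # Trusted name reused as a subdomain: example-corp.com.evil.net
        if domain.startswith(t + ".") or ("." + t + ".") in domain:
            return "lookalike"
        # Typo or homoglyph variant: exarnple-corp.com, example-c0rp.com, example-corp.co
        if levenshtein(normalize(reg), normalize(t)) <= max_distance:
            return "lookalike"
    return "external"


def classify_message(raw_message: str) -> dict:
    """Parse From/Reply-To and report whether the sender looks spoofed."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""
    reply_domain = reply_addr.rsplit("@", 1)[-1] if "@" in reply_addr else ""
    verdict = classify_domain(from_domain)
    # A Reply-To pointing at another domain silently redirects the conversation.
    mismatch = bool(reply_domain) and registrable(reply_domain) != registrable(from_domain)
    return {
        "from": from_addr,
        "from_domain": from_domain,
        "from_verdict": verdict,
        "reply_to_domain": reply_domain,
        "reply_to_mismatch": mismatch,
        "suspicious": verdict == "lookalike" or mismatch,
    }


# Constructed sample: a CEO-fraud style mail sent from a misspelled domain.
SAMPLE_MAIL = """\
From: "Jan de Vries (CEO)" <jan@exarnple-corp.com>
Reply-To: jan.devries@mail-relay.example.net
To: finance@example-corp.com
Subject: Urgent payment

Please transfer EUR 40,000 today. I am in meetings all day and cannot call.
"""

if __name__ == "__main__":
    for d in ["example-corp.com", "exarnple-corp.com", "example-c0rp.com",
              "example-corp.co", "example-corp.com.evil.net", "example.org"]:
        print(f"{d:30} {classify_domain(d)}")
    print(classify_message(SAMPLE_MAIL))
```

The edit-distance threshold is deliberately small; raise it only together with a minimum domain length, or short unrelated domains will be flagged. Note the caveat for the first attack route in the paragraph above: when the manager's real mailbox has been hacked, the From domain is genuine and this check passes, which is exactly why the approval of a payment must never rest on the email alone.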
How do you avoid becoming a victim of CEO fraud?
To prevent CEO fraud, it is important that your employees are properly trained to recognize fraud. People are often the weakest link in information security, which is why awareness training is important. If employees are not aware of the risks, they may make unintentional mistakes that make data breaches and cyberattacks more likely.
A phishing campaign lets you test how vulnerable your organization is to fraud. Typically a scenario is created that resembles a real one from your company, such as a login page, and is distributed to your employees by email.
There are also a number of organizational measures you can take to prevent CEO fraud:
- Ensure that approval for transactions is never given by email alone, but at least partly in person, by phone (using a number you already have on file, not one taken from the email), or through a secure platform.
- Always process transactions under the four-eyes principle, so that every payment is checked by a second person.
- Ensure that the procedures for transactions are always followed, even for small amounts.
Taking the above measures need not cost much money or time. In every case the investment is negligible compared to the damage of a successful attack. It is always better to prevent than to become a victim.

This article was written by Wilbert Hilhorst. Do you need help or have any questions? If so, please contact him without obligation.