CEO Fraud is a very simple and effective cyber attack that can cause significant business losses.
CEO Fraud couldn’t be simpler. There’s no malware to write and no malicious code or links to implant. It’s a text-only email, plain and simple – but it’s the social engineering that makes it work.
Because of this simplicity, these spoofing attacks are one of the fastest-growing forms of cyber crime. For the period from Oct. 2013 to April 4, 2016, the FBI reported losses from this kind of attack totaling a record $2.3 billion.
Protect yourself from CEO Fraud
1. 1440 Fourth Street, Suite B, Berkeley, CA 94710 | 510.280.2000 | www.endsight.net
CEO Fraud
S2_E001 THE JASON CLAUSE SHOW
The Jason Clause Show is a podcast dedicated to collecting good ideas for a growing community of busy managers.
Jason Clause
Computer Support from Endsight
The Jason Clause Show is brought to you by Endsight. Computer problems are expensive and frustrating; they’re also almost always avoidable. You deserve a better computer experience – trust Endsight to deliver it.
Acknowledgements – I didn't come up with any of this on my own. I've learned from others. Click here to meet my teachers.
OUCH! Newsletter, July 2016
• CEO Fraud is also known as “Business Email Compromise” (BEC)
• A cyber bad guy impersonates the CEO or another senior executive at the company
• The goal is to rush the victim into making a mistake:
– Transferring money
– Disclosing employee personal information
– Disclosing sensitive corporate information
Guest Editor
Angela Pappas is a director of information security training and awareness at Thomson Reuters. In her role, Angela is responsible for the ambassador program, eLearning, and educating employees about topics that pose a significant risk.
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201607_en.pdf
The most common form of CEO fraud is a spear phishing attack
Phishing
• Attacker sends a generic email to millions of people
• The goal is to trick them into doing something:
– Opening an infected attachment
– Visiting a malicious website
Spear Phishing
• Attacker sends a custom email targeting a very small, select number of people
• Emails are extremely realistic-looking and hard to detect
• They often appear to come from someone you know (like your boss)
• They may use your industry’s jargon
• They often create a tremendous amount of urgency
Three common scenarios
• Wire Transfer:
– Cyber bad guy is after money
– Targets accounts payable or finance
– Sends an email pretending to be the target’s boss
– Email says there is an emergency and money must be transferred right away to a certain account
• Tax Fraud:
– Cyber bad guy is after employee personal information
– Targets human resources
– Sends an email pretending to be a senior executive or someone from legal
– Email demands certain documents (such as tax forms) immediately
• Attorney Impersonation:
– Cyber bad guy is after sensitive corporate information
– Targets IT, operations or records management
– Sends an email pretending to be a senior leader, advising you that an attorney will call about an urgent matter
– Calls pretending to be the attorney
– Creates a tremendous sense of urgency as they talk about time-sensitive, confidential matters
“I can't always do things right. But I can always try to do the right things.”
Protecting yourself from CEO Fraud
• Be aware of and look for the cues:
– Unreasonable urgency
– Secrecy
– Signature not quite right
– Email address or phone number not seen before, but similar to the real one
– Tone that just doesn’t seem right
– Use of a correct but unfamiliar name or nickname
• When in doubt, pick up the phone (using a number you already have, not one from the email)
• Scrutinize any attempt to bypass security policies or procedures
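Several of the cues above (a sender address that is similar but not identical to the real one, a known name on an unfamiliar mailbox, urgency and secrecy language, a request for money or personnel records) can be checked mechanically before a message ever reaches accounts payable or HR. The following is an added example, not code from the slide deck or from Endsight: a small header-and-body screen for inbound mail. It assumes a fictional company domain `example-corp.com` and a one-entry executive directory, and both sample messages are constructed for the demo.

```python
"""Heuristic screen for CEO-fraud (BEC) cues in one inbound email.

Added illustration; assumes the fictional domain COMPANY_DOMAIN and the
fictional EXECUTIVES directory below.  Not a substitute for SPF/DKIM/DMARC
checks, which this offline demo does not perform.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"                      # assumption: the real domain
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}   # assumption: fictional directory

URGENCY_WORDS = ("urgent", "immediately", "right away", "asap", "before end of day")
SECRECY_WORDS = ("confidential", "keep this between us", "do not discuss", "don't tell")
REQUEST_RE = re.compile(r"\b(wire|transfer|w-?2|payroll|ssn|social security)\b")


def edit_distance(a, b):
    """Levenshtein distance; a look-alike domain is usually 1-2 edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen_message(raw):
    """Return the list of cue names triggered by an RFC 5322 message string."""
    msg = message_from_string(raw)
    cues = []

    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]

    # Cue: a known executive's name on a mailbox that is not theirs.
    known = EXECUTIVES.get(display.strip().lower())
    if known and addr != known:
        cues.append("exec name on foreign mailbox")

    # Cue: "address not seen before, but similar" (e.g. c0rp for corp).
    if domain != COMPANY_DOMAIN and 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        cues.append("look-alike domain")

    # Cue: replies silently routed to a different mailbox than the sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        cues.append("reply-to mismatch")

    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(w in text for w in URGENCY_WORDS):
        cues.append("urgency")
    if any(w in text for w in SECRECY_WORDS):
        cues.append("secrecy")
    if REQUEST_RE.search(text):
        cues.append("money or PII request")
    return cues


def is_suspicious(raw, threshold=2):
    """Two or more independent cues is a reasonable hold-for-verification line."""
    return len(screen_message(raw)) >= threshold


# Constructed sample messages (not real mail).
SUSPICIOUS = """From: Jane Doe <jane.doe@example-c0rp.com>
Reply-To: jane.doe@freemail.example
To: ap@example-corp.com
Subject: Urgent wire transfer

I need you to wire $48,000 to a new vendor immediately.
Keep this confidential until I'm out of my meeting.
"""

BENIGN = """From: Jane Doe <jane.doe@example-corp.com>
To: ap@example-corp.com
Subject: Q3 vendor review

Please schedule the quarterly vendor review for next week.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, screen_message(raw), "HOLD" if is_suspicious(raw) else "ok")
```

The screen is deliberately a second line of defence: a message that trips two or more cues should be held for the out-of-band phone call the slide recommends, not auto-rejected, and a message that trips none is not proof of legitimacy. In a production mail flow the same logic would sit behind the gateway's SPF/DKIM/DMARC results (the `Authentication-Results` header), which catch outright spoofing of the real domain that this name-and-domain heuristic cannot.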
Thanks for listening!
Jason Clause