Today's ASK YOUR FRAUD EXPERT post is dedicated to C-level fraud. Let’s ask our Fraud Expert how to manage it.
If your CEO sends you an email asking you to make an urgent payment, would you be suspicious about it?
Maybe not, but you should be, because the sender may not be your boss, and you could be a victim of a C-level attack. Be careful!
How does the attack develop?
First, attackers research a company to target online. Thanks to social media, they can easily find a C-level executive's name and email address, along with references to finance or HR people in the organization. The C-level name is the key to the attack because it lets the attacker gain authenticity and authority. The second step is to control the C-level email account and use it to order wire transfers or obtain sensitive data. Often it is not even necessary to take control of the account; faking the email address is enough. The fake address looks similar enough to the original one to be trusted by the victim. Another hallmark is the urgent, “no questions” tone.
Why are these attacks so successful?
Employees tend to take requests from C-level executives very seriously and complete the task as quickly as possible.
What is the main target?
SMBs all around the globe, because they usually have less structured payment processes. The employees involved are from the finance or HR departments.
What is the loot?
Sensitive information or money transfers.
How to protect your company:
- Update your processes and policies: require a second authorization, in person or by phone, before processing an email request.
- Adopt a cryptographically secure signature mechanism for email origin verification or final transaction signing.
- Be transparent: share the information regarding the attack internally and externally with potentially involved actors (for example, contractors).
- Report the attack to the authorities in charge of fraud prosecution (cybersecurity teams in the police department) and to your bank’s fraud office.
- Ask your bank about their fraud prevention capabilities: transaction monitoring can often recognize anomalous payment transactions before the fraud happens. Choose a bank that offers your company such an additional safety net.
Don’t forget to be paranoid: double-check if the request seems unusual or the urgency too high!
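As an added illustration (not XTN's code or product logic), the sketch below shows how a mail pipeline could flag the warning signs described above so that a payment request is routed to a second authorization. The company domain `example.com`, the executive name, the urgency word list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: your real mail domain
EXECUTIVES = {"jane doe"}        # assumption: C-level display names
URGENCY_TERMS = ("urgent", "immediately", "wire transfer", "confidential")

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    """Return the reasons a payment request needs out-of-band confirmation."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    sender, reply_to = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    findings = []
    if sender != COMPANY_DOMAIN:
        if name in EXECUTIVES:
            findings.append("executive-name-from-external-domain")
        if edit_distance(sender, COMPANY_DOMAIN) <= 2:
            findings.append("lookalike-domain")
    # Only trust an Authentication-Results header stamped by your own gateway.
    elif "dkim=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("internal-sender-without-dkim-pass")
    if reply_to and reply_to != sender:
        findings.append("reply-to-domain-mismatch")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(term in text for term in URGENCY_TERMS):
        findings.append("urgent-payment-language")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\nReply-To: jane.doe@mail-example.net\n"
           "Subject: Urgent wire transfer\n\nPlease process this payment immediately.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nAuthentication-Results: mx.example.com;"
         " dkim=pass header.d=example.com\nSubject: Q3 budget review\n\nAgenda attached.\n")
if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT):
        print(check_message(sample))
```

Any non-empty result is a reason to hold the request until it is confirmed in person or by phone; an empty result does not replace that second authorization.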
XTN Cognitive Security Platform® allows you to protect your services from online fraud.