CEO Financial Fraud / Business Email Compromise (BEC)

Get Started Quickly!

Since these attacks are mostly targeted at the Finance, HR and Executive team, hence its worthwhile sharing.

What is CEO Financial Fraud/BEC?

Cyber attackers continue to evolve an email attack called CEO Financial Fraud or Business Email Compromise (BEC). These are targeted email attacks that trick their victim into taking an action they should not take. In most cases, the bad guys are after money.

Please Note: What makes these attacks so dangerous is cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there are NO infected email attachments or malicious links to detect.

Here is how the attack works.

The cyber attacker uses the Internet to research their intended victim and people their victim interacts with. For example, if they target you, they would research who your boss is at work. The cyber attacker then crafts an email pretending to be your boss and sends it to you. The email is urgent, requiring you to take an action right away, such as processing an invoice, changing who you make a payment to, or convincing you to reply with sensitive documents. The email works by pressuring you into doing what they want.

Here are two examples of how just such an attack could work:

Bank Transfer: A cyber criminal is after money. They will research your organisation’s Finance/Exec team and identify who is responsible for transferring funds. The criminals then craft and send an email to these individuals pretending to be their boss or a senior executive. The email tells them there is an emergency and money needs to be transferred right away to a new bank account. The email pressures them into making a mistake, and in reality, they are sending money to the cyber criminal.

Tax Fraud: Cyber criminals are after people’s personal information to use for tax fraud. They will research your organisation’s Human Resources team and send targeted emails pretending to be a senior executive or someone from legal. The emails create an urgent story, that the tax information on all the employees has to be submitted right away. Human Resources think they are sending the sensitive documents to the senior executive, when they are really sending them to a cyber criminal.

Protecting Yourself & your organisation

So, what can you do to protect yourself & your organisation? Common sense is your best defence and always follow work-related policies and procedures, even if the email appears to come from an Exec or the CEO.

Here are the most common clues to look for:
  • The email is very short, often only a couple of sentences, urgent, and the signature says the email was sent from a mobile device.
  • There’s a strong sense of urgency, pressuring you to ignore or bypass your company’s policies. The email is work related but uses a personal email address, such as @gmail.com or @hotmail.com. The email appears to come from an Exec, or vendor you know, but the tone of the message does not sound like them.
  • Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.

If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your Exec Manager and Information Security.

[su_note]Please contact our ARANKISH team, if you need any further assistance. Stay Safe and Secure!![/su_note]

Quick Links

Partner with the Expert Team Your Business Deserves.

Our dedicated professionals deliver tailored solutions to help your business thrive, ensuring you get the expertise and support you deserve every step of the way.

Talk To The ARANKISH Team

Feel free to reach out to us with your cyber security requirements or for a quotation. Our team will respond to you promptly.

What are you looking for?