By Kevin Pelton, CISSP
“What is CEO fraud?” you may be asking yourself. CEO fraud – also known as business email compromise (BEC) – is when a top-level executive’s email account is either hacked or mimicked and then used to manipulate another staff member into processing a wire transfer. Imagine getting an email from your boss asking you to wire money to an account. If you’re in IT, this should raise a big red flag. But if you’re in finance or accounting, this may not be anything out of the ordinary so you go ahead and process the transfer – only to find out days or weeks later that the request came from a hacker who is now on an island in the Caribbean.
CEO fraud isn’t just something that happens to big national companies. Our IT department has been notified of CEO fraud attempts at two local clients. So what can you do?
- Train your staff on how to watch for phishing emails.
- Create strong passwords on all of your accounts (at least 8 characters with upper/lower, numeric and special characters).
- Use two-factor or two-step authentication when possible.
- Review internal processes for wire transfers and add an additional communication level (e.g., a phone call to a known number) to verify the transaction before it is processed.
- Think twice before revealing information about job roles or processes to anyone outside the organization. Hackers commonly use social media, fake vendor phone calls, industry surveys and forged emails to gather information that will make their scheme more believable.
If you have any questions or concerns about the security of your own network, please contact Kevin Pelton. We can work with you to implement internal awareness and training programs for employees.