How to Protect From CEO Fraud?
With advances in information technology, the world is changing. Technology has brought progress to every sphere of life, but it has not spared the world from the threat of hacking. A great deal of valuable information is lost to phishing, spear phishing, executive whaling, etc.
CEO fraud is basically a type of spear phishing in which the cybercriminal sends an email to a company that also works internationally, impersonates the CEO, and obtains secret information or HR information of that company. As a result, these fraudsters divert payments into their own bank accounts, leaving the company empty-handed. It is very difficult to trace the fraudster, because within only 24 hours the chances of recovery are nil.
Some target methods
You might be wondering how such people carry out CEO fraud. The first method is phishing: emails are sent to a large number of people and the likely candidate is captured. In spear phishing, the email is sent to only one person, and the content of the email also includes some personal data.
Next is executive whaling, in which the executives or CEOs of companies are targeted. Last but not least is social engineering, in which people are tricked into giving up confidential data and revealing access to their company's accounts.
Possibilities for CEO fraud
Most commonly, fraudsters take advantage of people who work with foreign companies. They pretend to be the company's lawyers and obtain valuable data. They take over a worker's email account and send money to false accounts. The fraudster sends an email posing as the CEO of the firm and asks the employee to send money to some other account; because the email comes from the genuine email address, it seems real. Facebook and other social media apps expose a lot of information about organizational personnel, which helps fraudsters commit CEO fraud.
The company should train all users about CEO fraud so that it does not fall for such fraud. Complete security must be adopted, and employees must be taught to handle unusual situations. Cyber-risk planning must be done, and the riskiest users should be identified. Do not respond to emails that ask for your personal account data. Checking who the sender is is the major step in avoiding such fraud.
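The sender check described above can be partly automated. The following is an added example, not part of the original article: it flags a message that carries an executive's name on an outside address or that routes replies to a different domain. The company domain, executive name, keyword list and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; not taken from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # hypothetical executive display names, lower case
PAYMENT_WORDS = ("wire", "transfer", "payment", "bank account")


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rpartition("@")[2].lower()


def review_sender(raw_message):
    """Return the reasons a message should be treated as suspect."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # An executive's name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        reasons.append("executive name on external address")
    # Replies would be routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        reasons.append("reply-to domain differs from sender domain")
    # A money request only matters here when a sender check already failed.
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if reasons and any(word in text for word in PAYMENT_WORDS):
        reasons.append("payment request from unverified sender")
    return reasons


# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@mail-example.test>\n"
           "Subject: Urgent wire transfer\n\nPlease send the payment today.\n")
REPLY_TRAP = ("From: Jane Doe <jane.doe@example.com>\n"
              "Reply-To: jane.doe@mail-example.test\n"
              "Subject: New bank account\n\nUse the details I send next.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Board meeting\n\nAgenda attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("reply trap", REPLY_TRAP), ("genuine", GENUINE)):
        print(label, "->", review_sender(raw) or "no sender findings")
```

A message sent from a taken-over genuine mailbox with no Reply-To change passes these checks, so they complement the user training described above rather than replace it.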
Victim response steps
What steps should the victim take? Although CEO fraud has a 90 percent success rate, the victim should take these steps as quickly as possible:
Report to your bank; use IT forensics; contact the executives and the board of the company; seek the help of security specialists; make more plans for better security; contact law enforcement, etc.