Cyber attackers continue to evolve an email attack called CEO Fraud or Business Email Compromise. These are targeted email attacks that trick their victim into wiring money to cybercriminals. The FBI says losses are already in the billions of dollars and are growing. The cyber attackers research their intended victim on the internet, then craft an email pretending to be your boss or a senior executive with an “emergency” requiring urgent wiring of funds to the cybercriminal.
So, what can you
do to protect yourself? Common sense is your best defense. Here are the most
common clues to look for:
The email is very short (often only a couple
of sentences), urgent and the signature says the email was sent from a
There’s a strong sense of urgency, pressuring
you to ignore or bypass your employer’s policies. Always follow
work-related policies and procedures, even if the email appears to come
from your boss or the CEO.
The email is work-related but uses a personal
email address, such as @gmail.com or @hotmail.com.
The email appears to come from a senior
leader, coworker or vendor you know or work with, but the tone of the
message does not sound like them.
Payment instructions are provided, but these
instructions differ from ones you already received, such as requesting
immediate payment to a different bank account.
If you suspect
you have been targeted at work, stop all interaction with the attacker and
report it to your supervisor. If you have been targeted at home or you have
fallen victim and a wire transfer was made, immediately report it to your bank,
then to law enforcement.
multi-factor authentication on all of your accounts. By adding extra
layers of credentials to prove the person signing in is truly who they say they
are, you make it harder for the cybercriminal to carry out an attack.