CEO fraud is a scam in which cyber criminals spoof company email accounts and impersonate executives to try to fool an employee in accounting or HR into executing unauthorized wire transfers or sending out confidential tax information.

There are two common ways in which a CEO fraud email is launched. The first is name spoofing, in which the attacker uses the name of your CEO but a different email address. Sometimes (but not always) the email address the attacker uses is similar to the company's domain with a few different letters (e.g., instead of With name spoofing, the attacker is hoping that the recipient will not notice the incorrect sender address, and will rush to respond. Many email clients, especially mobile email clients, do not display the sender address by default, which can make it hard to spot this attack.

The second form is name and email spoofing, where the attacker uses both the CEO’s name and their correct sender address. In this form of the attack, the attacker typically sets a reply-to address that is different from the sender address, so that your response to the email will go to them.
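
Both forms leave traces in the message headers that a mail filter can check. The following is an added example, not part of the original page: it flags an executive display name paired with an outside address (including a domain a few letters off) and a correct sender address paired with a different Reply-To. The domain `example.com`, the executive name and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the protected domain and executive names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains a few letters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw):
    """Return the set of CEO-fraud indicators found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = set()
    # Only messages that claim to come from an executive are of interest here.
    if " ".join(name.lower().split()) in EXECUTIVES:
        if domain != COMPANY_DOMAIN:
            # Form 1: executive's name, someone else's address.
            findings.add("name_spoofing")
            if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
                findings.add("lookalike_domain")
        elif reply_to and reply_to.lower() != addr.lower():
            # Form 2: correct name and address, replies diverted elsewhere.
            findings.add("reply_to_mismatch")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = {
    "name_only": "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent wire\n\nhi",
    "name_and_address": "From: Jane Doe <jane.doe@example.com>\n"
                        "Reply-To: jane.doe@mailbox.test\nSubject: W-2s\n\nhi",
    "legitimate": "From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sorted(classify(raw)))
```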

