
When Your CEO Isn't Your CEO: 4 Ways to Help Avoid the Scam

Business executives have long served as optimal marks for digital con artists. For years, spear phishers have zeroed in on corporate leaders with impressive success - their well-crafted ruses deceiving company brass into divulging confidential credentials and inviting in insidious malware.

When compared to attacks against rank-and-file employees, attacks that target big bosses like the CEO can lead to far bigger payoffs for cybercriminals - including greater privileges and access to more sensitive and highly regarded corporate data.

Over the last 18 months, another social engineering trend has emerged whose success also relies on high-ranking executives - only this time, they are unwittingly doing the dirty work on behalf of the thieves. It's a fast-growing con known as CEO fraud, and last week our Trustwave SpiderLabs researchers distilled the threat in a two-part series that is well worth reading.

CEO fraud is a type of Business Email Compromise (BEC) scam that has witnessed such explosive growth over the past 18 months, amid billions of dollars of losses, that it prompted an FBI warning. The hoax typically involves an authentic-looking email that appears to come from the CEO, or some other powerful executive in the organization, and is sent to an employee requesting urgent assistance to conduct a wire transfer to settle a pending invoice. These attacks have also been used to trick recipients into clicking on malicious attachments with the goal to infect the victim network with malware.


What makes these hustles so worrying is that the senders go to great lengths to ensure their ruse sounds legitimate and won't raise any suspicion. This includes conducting reconnaissance on the company (via the corporate website, social networking accounts, etc.) in order to tailor a more believable message, and impersonating the sender by either spoofing their email address or compromising their email account. As a result, CEO fraud is quite distinct from mass spam, which often contains obvious junk mail elements and against which companies tend to have better controls.

Still, technology is important in the fight. Weeding out these types of scams at the email gateway is ideal. Secure email gateways can assist by offering anti-spoofing functionality or capabilities that flag suspicious domain names. Specifically, Trustwave Secure Email Gateway customers can download a special "BEC Fraud" package which makes this easier. The package also includes a special category script that identifies many traits associated with these CEO fraud scams. The package, including documentation, can be obtained here (requires customer login).
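To make concrete what such gateway rules look for, here is an added example (not the original post's content and not the Trustwave package's script): a small Python classifier that flags display-name spoofing, Reply-To mismatches, lookalike domains and urgency language in a raw message. The corporate domain, executive name and sample message are constructed for the illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example: the domain being protected and the
# executive display names a CEO-fraud message would typically borrow.
CORP_DOMAIN = "example.com"
EXEC_NAMES = {"jane doe"}
URGENCY = re.compile(r"\b(urgent|immediately|wire transfer|today|confidential)\b", re.I)


def domain_of(addr: str) -> str:
    """Lowercase domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_lookalike(dom: str) -> bool:
    """True for domains that visually mimic CORP_DOMAIN, e.g. examp1e.com."""
    if not dom or dom == CORP_DOMAIN:
        return False
    return difflib.SequenceMatcher(None, dom, CORP_DOMAIN).ratio() >= 0.8


def bec_indicators(raw: str) -> list[str]:
    """Return the CEO-fraud traits found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", addr))  # absent Reply-To means From
    from_dom, reply_dom = domain_of(addr), domain_of(reply)
    flags = []
    if name.lower() in EXEC_NAMES and from_dom != CORP_DOMAIN:
        flags.append("exec-name-external-sender")  # display-name spoofing
    if reply_dom != from_dom:
        flags.append("reply-to-mismatch")  # answers are routed to the scammer
    if is_lookalike(from_dom) or is_lookalike(reply_dom):
        flags.append("lookalike-domain")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency-language")  # pressure to act before verifying
    return flags


# Constructed sample resembling the wire-transfer request described above.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@gmail.com
Subject: Urgent wire transfer

Please settle the pending invoice today. I am in a meeting, keep this confidential.
"""
```

Calling `bec_indicators(SAMPLE)` returns all four flags; a routine internal note from the real executive address with no Reply-To returns an empty list.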

In addition, companies should consider web security gateways and endpoint protection in case the scam is motivated by malware delivery rather than financial fraud. But technology alone won't solve the problem of CEO fraud. You must also instill a culture of skepticism around requests from company leadership, as counterintuitive as that may sound given that these are the very people whose orders we are conditioned to follow.

Pay heed to these helpful suggestions:

1) Verify, Verify, Verify

You must have policies and procedures in place for handling emails that request wire transfers and other sensitive information. This might be something as simple as requiring that email recipients pick up the phone to verify the request directly with the email sender, double-check with the chief financial officer and/or notify the IT department. If you're unsure about the payment details referenced in the email, contact the vendor to whom you allegedly owe the balance. You also should consider requiring dual-approval for all wire transfers with the idea that if two people are required to initiate and authorize a transaction, it is more likely that someone will catch on to a scam. Finally, it's essential that the CEO and other top executives are on board with this plan (and won't chastise an employee for playing it safe).

2) Make Employee Education a Priority

Aside from just generally making employees acquainted with CEO fraud, you should teach workers how to spot offending emails. This blog post offers several examples of what CEO fraud emails tend to look like - notice that even though the messages are well crafted, their language, tone and style will likely appear off from how your CEO normally writes. Follow some of these tips to develop a well-liked security awareness program.

3) Beware of Other Tricks

Even if you've caught on to the scam, the miscreants will likely keep the jig going to try to assuage your apprehension. So expect the social engineering to continue even if you claim to have them figured out. Keep in mind, too, that the attackers may shift to the phone to lend more credibility - or skip email entirely. Phone calls may be even more convincing and effective for the criminals because they present an immediate high-stress scenario where the caller puts the target on the spot.

4) Consider Two-Factor Authentication

You should consider adopting an additional step of authentication for access to email accounts. Note, however, that this only helps in cases where the impersonators compromised an executive's email account, not when they merely spoofed the sender address.

When in doubt, your employees must ask themselves: Is this an email they were expecting? If the answer is "no," they should trust their gut and follow up on their instinct.

Be safe out there.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
