
When Your CEO Isn't Your CEO: 4 Ways to Help Avoid the Scam

Business executives have long served as optimal marks for digital con artists. For years, spear phishers have zeroed in on corporate leaders with impressive success - their well-crafted ruses deceiving company brass into divulging confidential credentials and inviting in insidious malware.

When compared to attacks against rank-and-file employees, attacks that target big bosses like the CEO can lead to far bigger payoffs for cybercriminals - including greater privileges and access to more sensitive and highly regarded corporate data.

Over the last 18 months, another social engineering trend has emerged whose success also relies on high-ranking executives - only this time, they are unwittingly doing the dirty work on behalf of the thieves. It's a fast-growing con known as CEO fraud, and last week our Trustwave SpiderLabs researchers distilled the threat in a two-part series that is well worth reading.

CEO fraud is a type of Business Email Compromise (BEC) scam that has witnessed such explosive growth over the past 18 months, amid billions of dollars of losses, that it prompted an FBI warning. The hoax typically involves an authentic-looking email that appears to come from the CEO, or some other powerful executive in the organization, and is sent to an employee requesting urgent assistance to conduct a wire transfer to settle a pending invoice. These attacks have also been used to trick recipients into clicking on malicious attachments with the goal of infecting the victim network with malware.


What makes these hustles so worrying is that the senders go to great lengths to ensure their ruse sounds legitimate and won't raise any suspicion. This includes conducting reconnaissance on the company (via the corporate website, social networking accounts, etc.) in order to tailor a more believable message, and impersonating the sender by either spoofing their email address or compromising their email account. As a result, CEO fraud is quite distinct from mass spam, which often contains obvious junk mail elements and for which companies tend to have better controls to guard against.

Still, technology is important in the fight. Weeding out these types of scams at the email gateway is ideal. Secure email gateways can assist by offering anti-spoofing functionality or capabilities that will flag suspicious domain names. Specifically, Trustwave Secure Email Gateway customers can download a special "BEC Fraud" package which makes it easy. The package also includes a special category script that identifies many traits associated with these CEO fraud scams. The package, including documentation, can be obtained here (requires customer login).
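To make the gateway checks above concrete, here is an added example (not Trustwave's "BEC Fraud" package or script, and not code from the original post) that flags common CEO-fraud traits in a single message: an executive's display name on an outside address, a look-alike sender domain, a Reply-To that points elsewhere, and payment-pressure wording. The corporate domain, executive name, keyword list and sample messages are all hypothetical and constructed for illustration.

```python
# Added example: heuristic CEO-fraud checks on one message (illustrative only).
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): the organisation's domain and its executives' names.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT_TERMS = ("wire transfer", "invoice", "urgent", "payment")


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_flags(raw):
    """Return the sorted list of CEO-fraud traits found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    flags = set()
    if name.strip().lower() in EXECUTIVES and from_domain != CORP_DOMAIN:
        flags.add("executive-name-external-address")
    if from_domain != CORP_DOMAIN and 0 < edit_distance(from_domain, CORP_DOMAIN) <= 2:
        flags.add("lookalike-domain")
    if reply_domain and reply_domain != from_domain:
        flags.add("reply-to-mismatch")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + str(body)).lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.add("payment-pressure-language")
    return sorted(flags)


# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e.com>\nReply-To: jd@mail-example.net\n"
           "Subject: Urgent wire transfer\n\nPlease settle the pending invoice today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Lunch on Friday\n\nAre you free at noon?\n")
```

A message that forges the exact corporate domain in the From header passes these header heuristics; that case is what SPF, DKIM and DMARC enforcement at the gateway is for.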

In addition, companies should consider web security gateways and endpoint protection in case the scam is motivated by malware delivery rather than financial fraud. But technology alone won't solve the problem of CEO fraud. You must also instill a culture of skepticism around requests from company leadership, as counterintuitive as that may sound given these are the very people from whom we are conditioned to follow orders.

Pay heed to these helpful suggestions:

1) Verify, Verify, Verify

You must have policies and procedures in place for handling emails that request wire transfers and other sensitive information. This might be something as simple as requiring that email recipients pick up the phone to verify the request directly with the email sender, double-check with the chief financial officer and/or notify the IT department. If you're unsure about the payment details referenced in the email, contact the vendor to whom you allegedly owe the balance. You also should consider requiring dual-approval for all wire transfers with the idea that if two people are required to initiate and authorize a transaction, it is more likely that someone will catch on to a scam. Finally, it's essential that the CEO and other top executives are on board with this plan (and won't chastise an employee for playing it safe).

2) Make Employee Education a Priority

Aside from just generally making employees acquainted with CEO fraud, you should teach workers how to spot offending emails. This blog post offers several examples of what CEO fraud emails tend to look like - notice that even though the messages are well crafted, their language, tone and style will likely appear off from how your CEO normally writes. Follow some of these tips to develop a well-liked security awareness program.

3) Beware of Other Tricks

Even if you've caught on to the scam, the miscreants will likely keep the jig going to try to assuage your apprehension. So expect the social engineering to continue even if you claim to have them figured out. Keep in mind, too, that the attackers may shift to the phone to lend more credibility - or skip email entirely. Phone calls may be even more convincing and effective for the criminals because they present an immediate high-stress scenario where the caller puts the target on the spot.

4) Consider Two-Factor Authentication

You should consider adopting an additional step of authentication for access to email accounts. Note, however, that this will only help in the cases in which the impersonators compromised an executive's email account, not when they spoofed the sender.

When in doubt, your employees must ask themselves: Is this an email they were expecting? If the answer is "no," they should trust their gut and follow up on their instinct.

Be safe out there.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.


