CEO scam (a variant of business email compromise) is a form of attack in which cybercriminals pose as a company's top executive to trick employees into sharing sensitive data or making unauthorized payments. Scammers know that a message from someone high up can push employees to act fast without questioning it, so they manufacture a sense of urgency to force a rushed decision instead of a verified one.
The FBI often calls this scam "Business Email Compromise" (BEC), as fraudsters typically use compromised or spoofed business email accounts. Here's how it typically plays out:
Real-life story
A finance worker at a multinational firm was tricked into transferring approximately $25 million to fraudsters who used deepfake technology to impersonate the company's chief financial officer during a video conference call. He was initially suspicious of a message, supposedly from the UK-based CFO, about a secret transaction, but his doubts were dispelled during the call when he recognized the familiar appearances and voices of the other participants, all of whom were actually deepfake recreations. Trusting the situation, he agreed to remit a total of 200 million Hong Kong dollars (around $25.6 million).
Source: CNN
Scammers target specific employees based on their access to money or data: finance departments, HR, and executives' assistants. Here are a few scenarios in which CEO scams typically play out.
1. Businesses working with foreign suppliers: Scammers impersonate an established international supplier and ask that the next payment be sent to a different account than the one agreed in the original wire transfer arrangement.
2. Wire Transfer Requests: Cybercriminals compromise or spoof the email accounts of top executives and then ask employees, or the company's bank, to transfer funds to accounts the attackers control.
3. Fraudulent Correspondence to Business Contacts: Attackers take over an employee's email account and send fake invoices to customers or suppliers, so that payments are redirected to accounts the attackers control.
4. Impersonation: Scammers pose as lawyers or executives involved in urgent, confidential matters, convincing employees to act quickly without proper verification.
5. Data Theft: Fraudulent emails request sensitive documents, such as W-2 forms or personally identifiable information (PII), from HR or accounting departments.
1. False Invoice Payments
The false invoice scam is a common tactic used in CEO fraud, where attackers request payments for invoices that don't actually exist.
Example:
Subject Line: Invoice to Pay [Late!]
Hi Diana,
I've been in meetings all morning with Company X, and they're unhappy because we haven't processed this month's invoice payment.
I need you to resolve this within the hour before we reconvene after lunch. The invoice details are attached—I'm counting on you to handle this quickly as we need their business.
Thanks,
Paul
2. Tax or Document Access Requests
Another form of CEO phishing involves requests for sensitive documentation, such as tax forms or legal contracts, to be sent to a third party controlled by the fraudster. In this scenario, the fake CEO may CC an external "tax audit firm," which is actually just another fraudster.
Example:
Subject Line: Contracts for Legal – URGENT
Hi Mina,
I've CC'd our external legal team, who need to review the contracts with Third Party Z. Please send them to Sarah today, as we're on a tight deadline.
Thanks,
Paul
3. Gift Card Scams
This scam involves a fraudster impersonating the CEO by either spoofing their email or compromising their account. They then email one or more employees requesting the purchase of gift cards. After the employees buy the gift cards, the fraudster asks for the serial numbers (or photos of the scratched-off codes), allowing them to redeem the cards before anyone realizes what happened.
The fraudster may use various tactics, such as:
- Claiming the "CEO" needs a gift for a friend or relative, often accompanied by a sad backstory.
- Pretending that the "CEO" wants to reward staff members secretly and asks the employee to keep it confidential.
- Requesting gift cards for clients, sometimes mentioning an upcoming presentation.
Example:
Subject Line: In a Conference – Are You Free Now??
Hi David,
I urgently need you to run to Target and buy 20 gift cards worth $100 each for a client. Please charge it to the employee expenses card, and we'll sort it out later.
Take a photo of each serial code and send it to me as soon as you can—I need to resolve this before the conference ends.
Thanks,
Paul
4. Fake Mergers or Acquisitions
Fraudsters may also impersonate a CEO to request large bank transfers for fake mergers or acquisitions. This sophisticated scam often involves extensive research to create convincing email chains, making it seem legitimate.
Example:
Subject Line: Transfer for Our Acquisition
Hi Roger,
I know this is short notice, but we've just sealed the deal for an acquisition in Germany. We need to fund an account quickly—can I count on you to make the transfer within the next hour?
It's going to be $12.3 million to the following account [details here].
I'm emailing you directly because I trust your discretion—please keep this confidential until our official announcement tomorrow.
I appreciate your quick action on this. Let's celebrate once it's all done.
Thanks,
Paul
5. Payroll Diversion Scam
The payroll diversion scam is a straightforward tactic where scammers impersonate an employee, often an executive, and ask the payroll or HR department to change that person's direct deposit details to an account the scammer controls. Nothing is stolen until the next pay run, which gives the fraudster time before the real employee notices a missing salary.
Example:
Subject Line: Update Required for Direct Deposit
Hi Sarah,
I hope you're doing well! I wanted to let you know that I recently switched banks and need to update my direct deposit information. Can you please assist me with this?
I appreciate your help! Please find my new bank details below:
Thank you for taking care of this quickly. Let me know if you need any further information.
Best,
Paul
Did you know that one of the first things attackers often do is try to spoof or compromise your business email? If they succeed, they can launch a "CEO fraud" attack that could cost your business money or expose sensitive employee and customer data.
Bitdefender Ultimate Small Business Security offers robust defenses against these threats. With advanced email protection and the Scam Pilot feature, it detects and blocks phishing attempts before they reach your inbox. Combining cutting-edge technology with user training helps your team stay vigilant and secure against these types of attacks.
Here's what it offers:
Bitdefender Ultimate Small Business Security is an easy-to-use, all-in-one, affordable solution that protects your business.
Check it out at bitdefender.com/solutions/small-business-security.
1. How can I tell if an email is part of a CEO fraud scam?
Look for subtle signs like unusual language, a sense of urgency, or requests for confidential information or immediate payments. Check the sender's address carefully for minor alterations to your domain name (a swapped letter, a digit in place of a letter, a different top-level domain) and check whether the Reply-To address points somewhere else. If you're unsure, contact the sender through another communication method, using a phone number you already have rather than one given in the email. Be especially cautious if the email asks you to bypass regular processes or keep the request secret.
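The checks in this answer can be turned into a simple triage script. The following is an added example written for this page; it is not code from the original article or from Bitdefender's product. It parses a raw email, compares the sender's display name and domain against a constructed corporate domain and executive list, checks whether Reply-To diverts replies elsewhere, and looks for the urgency, secrecy and payment phrases that recur in the scam variants above. The domain, the executive names and both sample messages are constructed for illustration.

```python
"""Heuristic CEO-fraud triage for one raw RFC 822 message.

Added example, not part of the original article. All domains, names and
sample messages are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organisation's real domain and the people
# whose display names an impersonator would borrow.
CORPORATE_DOMAIN = "example-corp.com"
EXECUTIVES = {"paul wilson", "diana chen"}

# Phrases that recur across the scam variants (invoice, gift card,
# acquisition, payroll diversion).
URGENCY = ("urgent", "within the hour", "right now", "asap", "before the", "are you free")
BYPASS = ("confidential", "keep this between us", "discretion", "don't tell", "sort it out later")
PAYMENT = ("wire", "transfer", "invoice", "gift card", "serial", "direct deposit", "bank details")

# Character swaps commonly used to build lookalike domains.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain: str) -> str:
    """Collapse confusable characters so examp1e-corp.com reads as example-corp.com."""
    d = domain.lower()
    for look, real in CONFUSABLES.items():
        d = d.replace(look, real)
    return d


def is_lookalike(domain: str) -> bool:
    """True if the domain mimics CORPORATE_DOMAIN without being it."""
    if domain == CORPORATE_DOMAIN:
        return False
    if normalize_domain(domain) == normalize_domain(CORPORATE_DOMAIN):
        return True                       # digit/letter swaps, rn for m, etc.
    if domain.split(".")[0] == CORPORATE_DOMAIN.split(".")[0]:
        return True                       # same name, different TLD
    return levenshtein(domain, CORPORATE_DOMAIN) <= 2   # one or two typos


def _plain_text(msg) -> str:
    """Concatenate the text/plain parts of a message (multipart or not)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            chunks.append((part.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    return "\n".join(chunks)


def analyse(raw: str) -> dict:
    """Return the sender address, the list of indicators found, and a verdict."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + "\n" + _plain_text(msg)).lower()

    findings = []
    if from_name.lower() in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        findings.append("executive display name but sender domain is not ours")
    if is_lookalike(from_domain):
        findings.append(f"sender domain {from_domain} is a lookalike of {CORPORATE_DOMAIN}")
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To goes to {reply_domain}, not {from_domain}")
    if any(p in text for p in URGENCY):
        findings.append("urgency pressure")
    if any(p in text for p in BYPASS):
        findings.append("asks for secrecy or to skip the normal process")
    if any(p in text for p in PAYMENT):
        findings.append("asks for money, gift cards or bank-detail changes")

    # Any identity mismatch is enough on its own; wording alone needs two signals.
    identity = [f for f in findings if "domain" in f or "Reply-To" in f]
    return {"from": from_addr, "findings": findings,
            "suspicious": bool(identity) or len(findings) >= 2}


# Constructed sample: the gift-card variant, sent from a lookalike domain.
SCAM = """From: Paul Wilson <paul.wilson@examp1e-corp.com>
Reply-To: paul.wilson.ceo@mail-relay.example
Subject: In a Conference - Are You Free Now??

Hi David,
I urgently need you to buy 20 gift cards worth $100 each for a client.
Charge it to the expenses card, we'll sort it out later.
Take a photo of each serial code and send it to me ASAP.
Paul
"""

# Constructed sample: an ordinary internal message from the real domain.
LEGIT = """From: Paul Wilson <paul.wilson@example-corp.com>
Subject: Q3 planning deck

Hi David,
Could you send me the Q3 planning deck when you get a moment? No rush.
Paul
"""

if __name__ == "__main__":
    for sample in (SCAM, LEGIT):
        print(analyse(sample))
```

The verdict rule is deliberately asymmetric: a display-name or domain mismatch is a strong signal by itself, while urgency or payment language alone is common in legitimate mail and only counts when it appears together with another indicator. In practice the executive list and domain would come from your directory, and the script would sit in a mail filter or a SOAR playbook rather than be run by hand.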
2. What should I do if I suspect I’ve fallen victim to a CEO scam?
If you've already transferred money or shared sensitive information, contact your bank immediately and ask it to recall the wire, then notify local law enforcement. You should also alert your cybersecurity team, since the attacker may still have access to a compromised mailbox, and report the incident to national fraud and cybercrime agencies. The faster you act, the better your chances of recovering funds or minimizing damage.
3. How can Bitdefender Ultimate Small Business Security help prevent CEO scams?
Bitdefender Ultimate Small Business Security provides comprehensive email protection, which detects and blocks phishing attempts before they reach your inbox. Additionally, the Scam Pilot feature is designed to analyze emails and detect fraudulent patterns, helping safeguard your business from impersonation scams like CEO fraud.
Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years' experience in communication includes developing content for TV, online, mobile apps, and a chatbot.
September 06, 2024
September 02, 2024