
Protect yourself from CEO Fraud


CEO Fraud is a very simple and effective cyber attack that can cause significant business losses

CEO Fraud couldn’t be simpler. There’s no malware to write and no malicious code or links to implant. It’s a text-only email, plain and simple – but it’s the social engineering that makes it work.

Because they are so simple, these spoofing attacks are one of the fastest-growing forms of cyber crime. For the period from Oct. 2013 to April 4, 2016, the FBI reported that losses due to this kind of attack totaled a record $2.3 billion.

Published in: Technology

  1. THE JASON CLAUSE SHOW, S2_E001: CEO Fraud
     1440 Fourth Street, Suite B, Berkeley, CA 94710 | 510.280.2000 | www.endsight.net
  2. The Jason Clause Show is a podcast dedicated to collecting good ideas for a growing community of busy managers.
     Jason Clause
  3. Computer Support from Endsight
     The Jason Clause Show is brought to you by Endsight. Computer problems are expensive and frustrating; they’re also almost always avoidable. You deserve a better computer experience; trust Endsight to deliver it.
     Acknowledgements - I didn't come up with any of this on my own. I've learned from others.
  4. Ouch Newsletter 7-2016
     • CEO Fraud is also known as “Business Email Compromise”
     • A cyber bad guy impersonates a CEO or another Sr. Executive at the company
     • The goal is to rush the victim into making a mistake
       – Transferring money
       – Disclosing employee personal information
       – Disclosing sensitive corporate information
     Guest Editor Angela Pappas is a director of information security training and awareness at Thomson Reuters. In her role, Angela is responsible for the ambassador program, eLearning, and educating employees about topics that pose a significant risk.
     https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201607_en.pdf
  5. The most common form of CEO fraud is a spear phishing attack
     Phishing
     • Attacker sends a generic email to millions of people
     • The goal is to trick them into doing something
       – Opening an infected attachment
       – Visiting a malicious website
     Spear Phishing
     • Attacker sends a custom email targeting a very small, select number of people.
     • Emails are extremely realistic looking and hard to detect.
     • They often appear to come from someone you know. (Like your boss)
     • They may use your industry’s jargon
     • Often create a tremendous amount of urgency
  6. Three common scenarios
     • Wire Transfer:
       – Cyber bad guy is after money
       – Targets accounts payable or finance
       – Sends email pretending to be the target’s boss
       – Email says there is an emergency and money must be transferred right away to a certain account
     • Tax Fraud:
       – Cyber bad guy is after employee personal information
       – Targets human resources
       – Sends email pretending to be a senior executive or someone from legal
       – Email demands certain documents immediately
  7. • Attorney Impersonation:
       – Cyber bad guy is after sensitive corporate information
       – Targets IT, operations or records management
       – Sends email pretending to be a senior leader, advising you that an attorney will call about an urgent matter
       – Calls pretending to be the attorney
       – Creates a tremendous sense of urgency as they talk about time-sensitive, confidential matters.
  8. “I can't always do things right. But I can always try to do the right things.”
  9. Protecting yourself from CEO Fraud
     • Be aware of and look for the cues:
       – Unreasonable urgency
       – Secrecy
       – Signature not quite right
       – Email or phone number not seen before, but similar
       – Tone that just doesn’t seem right
       – Using a correct but unfamiliar name or nickname
     • When in doubt, pick up the phone
     • Scrutinize any attempt to bypass security policies or procedures.
  10. Thanks for listening!
      The Jason Clause Show is a podcast dedicated to collecting good ideas for a growing community of busy managers.
      Jason Clause
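
Several of the cues on slide 9 can also be checked by a mail filter before a person ever reads the message. The following is an added example, not part of the original slides: a Python check that flags unreasonable urgency, secrecy, a sender domain that is similar to but not the same as the company's, and an executive's name on an outside address. The company domain, executive name, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration only (not from the slides).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan"}
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)
SECRECY = re.compile(r"\b(confidential|secret|keep this between us)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot 'similar but not the same' domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_cues(raw):
    """Return the list of CEO-fraud cues found in one plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    cues = []
    # "Email ... not seen before, but similar": one or two characters off.
    if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
        cues.append("lookalike-domain")
    # A correct executive name attached to an address outside the company.
    if name.lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        cues.append("executive-name-external-address")
    if URGENCY.search(text):
        cues.append("urgency")
    if SECRECY.search(text):
        cues.append("secrecy")
    return cues

# Constructed sample messages.
SUSPICIOUS = """From: Pat Morgan <pat.morgan@examp1e.com>
To: ap@example.com
Subject: Wire needed

I need a wire sent right away. Keep this confidential until the deal closes.
"""
BENIGN = """From: Pat Morgan <pat.morgan@example.com>
To: ap@example.com
Subject: Lunch

Are we still on for Thursday?
"""

if __name__ == "__main__":
    print(bec_cues(SUSPICIOUS))
    print(bec_cues(BENIGN))
```

A hit on any cue is a reason to verify the request by phone, as the slide advises; it is not proof of fraud.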
