How to Detect CEO Fraud

Timing is an important aspect of CEO email fraud. The fraudsters monitor the social media accounts (Facebook, Twitter, LinkedIn) of senior employees of the target organisation. Most executives, and their family members, routinely post status updates, and those details tell the fraudsters when the best opportunity to send their emails is: from social media they can learn when a senior employee is on holiday, in meetings, or about to travel.

Once they have confirmed that the executive is unavailable, the fraudsters send an email in his or her name to the employee they have chosen as the target. Fraudsters use several techniques to get such a message into an organisation. We are often asked whether it is really possible to send e-mail using someone else's domain name. It certainly is. The From and To header fields of an e-mail are written by the sending client, and a plain SMTP server does not check them against the account that submitted the message; you can set them to anything you like, even in the settings of an ordinary mail program. Only if the receiving server enforces SPF, DKIM and DMARC is a forged From address likely to be rejected or flagged. The same trick is widely used by spammers to avoid being blocked by e-mail providers.

The following approaches are currently known and are used in most CEO fraud cases:

  1. Reply-to spoofing
    The “From” name and address of the message received are the real ones of the executive being impersonated, but the “Reply-To” address is different, so any reply goes to the fraudster’s mailbox.
  2. Name spoofing
    The “From” field shows the name of the impersonated executive, but the address behind that name belongs to the fraudster.
  3. Sender spoofing (without a reply-to address)
    The message uses both the name and the genuine e-mail address of the impersonated executive and carries no “Reply-To” header at all. A reply would go to the real executive, so the fraudster counts on the request being carried out without one.
  4. Typo domain
    The “From” address uses a domain that looks very similar to the real domain of the impersonated manager, in the hope that a busy employee will not notice the difference and will reply quickly in the daily rush.

These methods make it hard for a junior employee to verify that a message is genuine: the boss is usually not reachable in person, and the difference is invisible unless you look closely at the From name and e-mail address. In practice, when junior employees receive urgent requests from their seniors they tend to act fast to complete the request and rarely question or verify the details of the email.

Simple tips to detect fraud scams

  1. Employees who receive urgent wire transfer requests, or requests to share sensitive information such as income statements and W-2 wage statements, should examine the email closely. Look at the email headers: check that the “From” section contains not only the name of your CEO but his or her real address, and compare it with the “Reply-To” address.
  2. A fraudulent email often reveals itself through the address: it does not use the business’s own domain, or a letter has been replaced with an underscore or a digit. Keep in mind that the domain is likely to look similar to your company’s, because the criminals buy a domain that is almost identical to yours and set up fake mailboxes on it.
  3. Check the timing and the location of the sender. Find out whether the email arrived while your boss was on vacation, traveling, or in a business meeting; fraudsters are likely to impersonate an executive’s email while he or she is out of office. Also check the subject line. Many scammers use a one-word subject such as urgent, inquiry, payment or transfer. Such subjects do appear in day-to-day emails, but you will usually notice a difference in the wording of the message as a whole, typos, and so on. If anything seems out of place, do not transfer the funds until you have verified the identity of the person making the request through a channel other than the email itself, for example a phone call to a number you already know.
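The header checks in the four spoofing patterns above and in tips 1 and 2 can be automated at the mail gateway or in a helpdesk triage script. The following is an added example, not code from the original article: it parses a raw message with Python's standard `email` module, compares the From display name and address against a directory of executives, tests the From and Reply-To domains for look-alike variants (digits or underscores substituted for letters, or the real domain embedded in a longer one), and flags the one-word urgent subjects from tip 3. The company domain `example.com`, the executive directory, the `classify` and `is_lookalike_domain` function names, and all sample messages are constructed for this demonstration. One assumption goes beyond the article: for pattern 3 (a genuine-looking From with no Reply-To) headers alone cannot tell a forgery from a real message, so the example consults an `Authentication-Results` header stamped by an upstream DMARC-checking gateway and treats a missing `dmarc=pass` as suspicious.

```python
# Added example, not code from the original article: flag the four CEO-fraud
# header patterns plus the one-word urgent subject. The company domain, the
# executive directory, the Authentication-Results assumption and the sample
# messages are all constructed for this demonstration.
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                       # assumed real domain
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}    # assumed display name -> real mailbox
URGENT_SUBJECTS = {"urgent", "inquiry", "payment", "transfer", "request"}
# Substitutions the tips mention: digits standing in for letters, underscore or hyphen inserted.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", "-": ""})


def edit_distance(a, b):
    """Levenshtein distance; a small value means the domain is a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(domain):
    """True for typo/substitution variants of the real domain, False for the real one."""
    domain = domain.lower()
    if domain == COMPANY_DOMAIN:
        return False
    folded = domain.translate(FOLD)
    return edit_distance(folded, COMPANY_DOMAIN) <= 2 or COMPANY_DOMAIN in folded


def classify(raw):
    """Return a sorted list of finding tags for one RFC 5322 message (empty list = nothing found)."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    from_domain = from_addr.rpartition("@")[2]
    auth = msg.get("Authentication-Results", "").lower()   # assumed: stamped by the gateway
    findings = set()

    real_mailbox = EXECUTIVES.get(from_name)
    if real_mailbox and from_addr == real_mailbox:
        if reply_addr and reply_addr != real_mailbox:
            findings.add("reply-to-spoofing")   # pattern 1: genuine From, foreign Reply-To
        elif "dmarc=pass" not in auth:
            findings.add("sender-spoofing")     # pattern 3: genuine From that did not authenticate
    elif real_mailbox:
        # An executive's display name over some other mailbox: pattern 2, or 4 if the domain is a look-alike.
        findings.add("typo-domain" if is_lookalike_domain(from_domain) else "name-spoofing")
    elif is_lookalike_domain(from_domain):
        findings.add("typo-domain")             # pattern 4 with an unknown display name

    if reply_addr and reply_addr != from_addr and is_lookalike_domain(reply_addr.rpartition("@")[2]):
        findings.add("typo-domain")             # look-alike domain hidden in the Reply-To

    subject = msg.get("Subject", "").strip().lower().rstrip("!.:")
    if subject in URGENT_SUBJECTS:
        findings.add("urgent-subject")          # tip 3: one-word pressure subject
    return sorted(findings)


# Constructed sample messages, one per pattern, plus a genuine one.
SAMPLES = {
    "reply_to": "From: Jane Doe <jane.doe@example.com>\nReply-To: jane.doe@mail-relay.net\nSubject: Urgent\n\nPlease process the wire today.\n",
    "name": "From: Jane Doe <jane.doe.ceo@webmail.invalid>\nSubject: Payment\n\nAre you at your desk?\n",
    "sender": "From: Jane Doe <jane.doe@example.com>\nAuthentication-Results: mx.example.com; dmarc=fail\nSubject: Transfer\n\nSend the W2s.\n",
    "typo": "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Inquiry\n\nQuick question.\n",
    "genuine": "From: Jane Doe <jane.doe@example.com>\nAuthentication-Results: mx.example.com; spf=pass dkim=pass dmarc=pass\nSubject: Q3 board deck\n\nDraft attached.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9s} -> {classify(raw) or ['clean']}")
```

The script is a triage aid, not a verdict: a finding such as `name-spoofing` should route the message to a human who then confirms the request with the executive by phone, as tip 3 recommends. The executive directory is the part that needs maintaining; display names that are not in it fall through to the look-alike domain test only.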
