CEO fraud warning

CERT – the federal cyber emergency team for Belgium – warns for recurring reports on CEO fraud. A type of cybercrime in which a scammer contacts a company to present himself as the CEO asking to transfer a large amount of money. As simple as it seems, CEO fraud is a highly effective scam and has been responsible for numerous losses.

 

How is this possible?

Cyber criminals go a great length in order to create a believable story and false identity. They research the victim company for its weak spots to obtain as much information as possible about company employees, customers and common procedures. 

CEO fraud is an example of social engineering. A type of cybercrime whereas the scammer uses psychological manipulation (mostly through email of phone call) to obtain protected data, personal information or money. Social engineering may not seem like usual cybercrime yet has been long known amongst IT-professionals for its damage. CERT reports on one Belgian bank (name unknown) paying out to 70 million euro to cyber criminals in 2016. The global loss is estimated to 1 billion EUR. 

So stay alert. Cyber criminals use the holiday period to take advantage of the lower alertness or hope to convince a fill-in employee with lesser knowledge of the security procedures. If nobody detects the fraud within 24 hours, the money will be nearly impossible to recollect.

 

How to detect CEO fraud?

Be careful when:
-    Large sums of money are requested
-    The reason of transaction is vague or unusual
-    The transaction is urgent
-    The request comes from an unknown email of phone number
-    The request is made on a Friday night or before a public holiday

 

Have you been in contact with CEO fraud?
Please warn CERT at cert@cert.be.

Want to read more on preventing CEO fraud? Read this document recently published by CERT.

Stay updated at Belgian Cyber Security Convention 2017, 25th of October at Lamot Mechelen.


 

Michael Lombarts