The Business Email Compromise or CEO Fraud

What is CEO Fraud?

The CEO Fraud is the name given by Federal Bureau of Investigation (FBI) to a cyber-crime called Business Email Compromise (BEC). The Business Email Compromise (BEC) or simply CEO Fraud is the type of cybercrime where the attacker disguise himself as the executive of the company and send the email to employee of the company to get the confidential financial information and tax details. The victims of CEO Fraud are mostly the companies who work with the foreign companies and frequently transfer payments via wire transfer. Mostly the victims of fraud are the companies in United States but a number of cases could be seen in other countries as well mostly in Hong Kong and China.Following are some

Possible Scenarios

The possible scenarios through which the CEO Fraud is possible are as follows:

  • Business with foreign supplier:The CEO fraud most commonly happens with the businesses who deal with foreign suppliers and use wire payment method. The attacker would ask the employee to transfer the payments to different accounts.
  • Wire Transfer Payment Method:Wire transfer is the method of transferring payments. CEO fraud specifically attacks the wire transfer payment method.
  • Confidential Details: The fraud people disguise themselves as the lawyers or executives to get the confidential and sensitive information of the organization.
  • Theft of Data: The data is stolen via CEO Fraud. The company’s important data files are often stolen with the help of spoofed emails.

Targets

As now we know in detail about CEO Fraud, but who are the targets of this scam? Or to be more precise, which part or department of organization is usually targeted with CEO Fraud? Following are some targets of CEO Fraud:

  • Department of Finance
  • Department of Human Resource
  • Department of IT
  • Members of Executive Team

Prevention of Fraud

Now the question arises, is there any way by which CEO Fraud could be prevented in the organization? With the use of proper measures the fraudulent activities could be prevented to an extent. The continuous and up to date check of cyber security, the risk planning against cyber-crimes, the monitoring of phishing attacks and the setup of high end security policy are some necessary steps to prevent the CEO Fraud. In case the organization falls victim for the CEO Fraud make sure to contact the organizations who help in prevention of cyber-crimes.

Author: Nina Mdivani