For cybercriminals, a scam known as CEO fraud or business email compromise (BEC) is proving to be particularly profitable, as current FBI figures show. […]
Hardly any scam is as profitable for cybercriminals as CEO fraud, also known as business email compromise (BEC). In this special form of social engineering, company employees are tricked into transferring money through the use of false identities. The perpetrators usually pose as the boss or another leading figure of the company in question. By e-mail or fax, they ask employees to arrange an urgent transfer.
These transfers can involve large amounts. According to the FBI, CEO fraud caused more damage to victims in 2021 than any other form of cybercrime. Although this scam ranks only ninth among the year's cybercrime types by number of reported offenses, it caused by far the highest damage, at $2.4 billion. Investment fraud follows with $1.5 billion.
Cybercriminals operate with deepfakes
“One third of all damages caused by cybercrime are based on CEO fraud. The pressure that arises when the managing director or a senior executive asks an employee to make a transfer immediately does not let them reconsider the consequences of their own actions,” explains Thomas Uhlemann, Security Specialist at cybersecurity expert Eset.
“Deepfakes, i.e. artificially created audio and video files in which faces or voices are manipulated, are now cheap for the perpetrators to produce. We are already aware of cases where fake audio files have been used. It can be assumed that these methods and fake videos will be used even more frequently in the future.”
But there are also countermeasures, as Eset security experts point out in a blog post. There they present, among other things, the following basic tips to protect yourself from CEO fraud:
- Pay attention to what information about your company is public and to what employees post, for example on social networks.
- Update the payment processes so that large transfers have to be signed off by two employees.
- Double-check all requests for payment with the person who allegedly made the request – preferably by phone.
- Invest in advanced email scanners that use AI to detect suspicious email patterns and the sender’s writing style.
*Jens Stark is an author at COM!professional.*