The CEO Email Scam

CEO email attacks are becoming very well known now and there have been numerous recent cases reported in the media.

The emails are clearly being produced manually,  by individuals who are probably using Social Media to track when suitably high level persons within a department are away on holiday or otherwise. They are not automated attacks, but a manual, intelligent attack by a person doing a fair amount of research on the company. They will often find out the CEO’s name, email address and the names and email addresses of key people within the company. The CEO email is the key to this scam, it adds authenticity and authorisation to the fraudulent email.

So what do the attackers usually include in the email? The basic premise of the scam is where the attacker sends an email, pretending to be the CEO of the company or a high level person and requests sensitive information or money transfers. Attackers are known to fully interact with the targeted staff member with multiple emails flying back and forth before the scam is completed.

We work with providers such as Mimecast who are able to offer CEO protect services, TTP and URL protect. Please get in touch with us to find out how we can help to protect you and your business against CEO email scams.

https://www.mimecast.com/resources/press-releases/Dates/2016/3/mimecast-tackles-growing-security-threat-from-spear-phishing-and-previews-new-whaling-protection

https://www.mimecast.com/content/ceo-fraud