Everything you need to know about CEO Fraud and how to prevent it

2nd November 2020

By: Creamer Media Reporter


This article has been supplied as a media statement and is not written by Creamer Media. It may be available only for a limited time on this website.

By Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA

CEO Fraud – also called Business Email Compromise (BEC) – is a scam in which cybercriminals spoof company email accounts and impersonate executives to try to fool an employee in accounting or HR into executing unauthorised wire transfers or sending out confidential personal information.


In the first three months of 2020, invoice and payment fraud BEC attacks increased by more than 75%. The rise was even more pronounced from April to May: over that period, the volume of these types of BEC campaigns shot up by 200% per week, according to Abnormal Security.

The spike in the number of CEO fraud attempts indicates that cybercriminals are becoming more successful with this tactic than with any other form of social engineering, and that they have been benefiting from the confusion associated with the sudden, enforced work-from-home situation.

This is how the bad guys do it:

1. Initiation

The attacker will compromise a business executive’s email account or any publicly listed email address. This is usually done using phishing methods, where attackers create a domain that’s similar to the organisation they’re targeting, or by tricking the target into providing account details. They perform a fair amount of research, looking for an organisation that has had a change in leadership or where executives are travelling, and then use these events to execute their scams. Often the first email request will not have any links or attachments, but will rather attempt to initiate a communication flow by requesting very basic forms of information, such as how to get help paying an urgent invoice.

2. Social Engineering

Within a security context, social engineering means the use of psychological manipulation to trick people into divulging confidential information or providing access to funds. Attackers often apply a low-grade form of fear, authority, urgency or flattery to trigger the target’s emotions and suppress his or her critical thinking.

The label of this category of cybercrime may be CEO fraud, but that doesn’t mean the CEO is always the one in a criminal’s crosshairs. Anyone with privileges to make, approve or influence payments, as well as anyone with access to personal or sensitive corporate information, may be at risk. In one example, the attacker impersonated an actual vendor used by the target organisation. Over the span of two months, the person emailed several employees trying to convince someone to change banking details and redirect payment of a legitimate invoice to the attacker's account.

Here’s what you (the good guy) can do:

1. Identify your high-risk users: These include C-level executives, HR, Accounting and IT staff. Impose more controls and safeguards in these areas, including a review of social/public profiles for job duties, hierarchical information, out of office details, or any other sensitive corporate data, and identify any publicly available email addresses and lists of connections.

2. Institute technical controls: Implementing tools such as two-factor authentication and email filters, and managing access and permission levels for all employees, are some of the ways to give the organisation the strongest possible defences against the bad guys.

3. Develop a security policy and standard procedures: Recommended company procedures should include:

- Make sure staff are aware of security policies around email usage and risks

- Establish how executive leadership is to be informed about cyber threats

- Have sound financial controls in place, such as multiple approval steps before any payments can be made

- Implement verification processes for new suppliers as well as for any requests for bank account changes

- Establish a schedule to test the cyber incident response plan

- Register as many company domains as possible that are slightly different from the actual company domain

4. Training for all users: No matter how good your prevention steps are, breaches are inevitable. User education plays a big part in minimising the dangers of Business Email Compromise. The best training programmes teach users to recognise and report these requests so that threats are stopped before they succeed.
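The initiation step above notes that attackers register domains that resemble the target organisation’s, and the procedures list recommends registering lookalike domains defensively. A complementary control is to flag inbound mail whose sender resembles the company domain or borrows an executive’s display name. The script below is an added illustration, not code from the article or from KnowBe4: the company domain, executive names and sample headers are constructed, and the homoglyph table and edit-distance threshold are assumptions a real deployment would tune.

```python
"""Flag inbound mail whose sender looks like an executive or a lookalike of
the company domain. Added illustration; the company domain, executive names
and sample headers are constructed, not taken from any real incident."""
from __future__ import annotations

from dataclasses import dataclass
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"       # assumed legitimate domain
EXECUTIVES = {"jane doe", "john smith"}   # assumed names worth protecting

# Substitutions typosquatters commonly rely on; normalise them before comparing.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalise(domain: str) -> str:
    """Lower-case and collapse common look-alike characters and digraphs."""
    return domain.lower().translate(_HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Classic Levenshtein distance; fine for short domain strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str = COMPANY_DOMAIN) -> bool:
    """True when `domain` is not `legit` but normalises to it, sits within
    edit distance 2 of it, or carries the legitimate name as a sub-label
    (e.g. example-corp.com.evil.example)."""
    if domain.lower() == legit.lower():
        return False
    d, l = normalise(domain), normalise(legit)
    if d == l or edit_distance(d, l) <= 2:
        return True
    return l.split(".")[0] in d.split(".")


@dataclass
class Finding:
    sender: str
    reason: str


def assess(headers: dict) -> list[Finding]:
    """Return the reasons an inbound message deserves a second look."""
    name, addr = parseaddr(headers.get("From", ""))
    domain = addr.rpartition("@")[2]
    findings: list[Finding] = []
    if domain and domain.lower() != COMPANY_DOMAIN:
        if is_lookalike(domain):
            findings.append(Finding(addr, f"sender domain {domain} resembles {COMPANY_DOMAIN}"))
        if name.strip().lower() in EXECUTIVES:
            findings.append(Finding(addr, f"display name '{name}' matches an executive but domain is external"))
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain.lower():
        findings.append(Finding(addr, f"Reply-To {reply_to} points to a different domain"))
    return findings


# Constructed sample headers: one legitimate, three impersonation patterns, one benign vendor.
SAMPLE_HEADERS = [
    {"From": "Jane Doe <jane.doe@example-corp.com>"},
    {"From": "Jane Doe <jane.doe@examp1e-corp.com>"},
    {"From": "Jane Doe <ceo@gmail.example>", "Reply-To": "pay@evil.example"},
    {"From": "Accounts <ap@example-corp.com.evil.example>"},
    {"From": "Supplier <billing@trusted-vendor.example>"},
]


def finding_counts() -> list[int]:
    """Number of findings per sample message, in order."""
    return [len(assess(h)) for h in SAMPLE_HEADERS]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        for f in assess(h):
            print(f"{f.sender}: {f.reason}")
```

Only the first and last samples pass silently. The checks are deliberately cheap so they can run in a mail gateway or a SIEM rule; the point is not to block, but to route the message into the verification procedure the article recommends before any payment or bank-detail change is acted on.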

Edited by Creamer Media Reporter