CEO impersonation fraud is rising, and many Singapore business became a victim.
The boss needs your help, and it’s urgent!
Attackers impersonate trusted executives – like the CEO or CFO – and induce target employees to take actions that lead to compromise.
These cybercriminals are using LinkedIn and Facebook to understand the company C-Suite executives beforehand. With valuable online information of the chief executive officer (CEO), and chief financial officer (CFO), a phishing campaign can be launched targeting the finance department to transfer funds urgently to another bank.
Step by step for CEO Fraud attack
Phishers rely on the “fear of the boss” mentality: all employees want to be effective at their job, and they probably won’t decline an order coming directly from potentially the most important person within their company. Employees usually feel obligated to comply with anything their CEO requests, and that is what cyber-criminals put their money on.
How to prevent the CEO impersonation attack?
- Always question any emails requesting fast actions, whether they seem unusual or not, especially if the request is not following standard procedures.
- If unsure, please make a phone call to verify the legitimacy of a business partner, supplier, and boss.
- The finance department must set a standard operating procedure (SOP) to transfer funds online. Under no circumstances should they depart from proper procedures.
- Employees should check email addresses as well as the email name; even though an email may bear the name of the CEO, check that the full address and domain corresponds to that of the company. Make sure the domain name is correct.
- The Sophos Endpoint and Fortigate Firewall must be set up to protect the company against Cyber-threat.
CEO fraud is a form of Business Email Compromise (BEC). It is an epidemic of email impersonations that are responsible for billions of dollars in losses around the world.
Let work together to protect the company and stay vigilant against CEO impersonation attack and email phishing scam.
Contributed by Lim Jamson
Jamson is a technopreneur and passionate in Cloud computing, Cyber-security, and Digital Marketing.