Part II: What Is Known About CEO Fraud

The methods in which these attacks are initiated can be any of the following or in combination:

Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive  information by posing as reputable sources—often with legitimate-looking logos attached. Banks, credit card  providers, delivery firms, law enforcement, and the IRS are a few of the common ones. A phishing campaign  typically shoots out emails to huge numbers of users. Most of them are to people who don’t use that bank, for  example, but by sheer weight of numbers, these emails arrive at a certain percentage of likely candidates.

Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the  group or has gleaned data from social media sites to con users. The email generally goes to one person or a  small group of people who use that bank or service. Some form of personalization is included – perhaps the  person’s name, or the name of a client.

Executive “Whaling”: Here, the bad guys target top executives and administrators, typically to siphon off  money from accounts or steal confidential data. Personalization and detailed knowledge of the executive and  the business are the hallmarks of this type of fraud.

In our next blog we will cover Social Engineering  and how the above techniques fall under the broader category of social engineering.

We are excited to launch our new website we have a new look and hope you enjoy it and possibly share it with your fiends and partners.

Remember…Think Before You Click!

Tina Louise ~  888.871.6584



Part I: Understanding CEO Fraud

What is CEO Fraud?   The FBI calls it Business Email Compromise and defines BEC as “a sophisticated scam targeting businesses  working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

CEO fraud is another name for this scam and it usually involves tricking someone into making a large wire transfer into what turns out to be a bogus account. On a few occasions, however, checks are used instead of wire transfers. According to resent FBI reports in the last year estimate losses have hit 2.3 billion dollars.

Most victims are in the US (all 50 states), but companies in 100 other countries have also reported incidents. While the fraudulent transfers have been sent to 79 countries, most end up in China and Hong Kong. Unless the fraud is spotted within 24 hours, the chances of recovery are small.

That’s why only 4% of the funds are ever retrieved. Certainly, large enterprises are a lucrative target. But small businesses are just as likely to be the mark. Other than being a business that engages in wire transfers, there is no discernible pattern in terms of a focus on a particular sector or type of business. The bad guys don’t discriminate!

Next week the methods of how CEO attacks are initiated ~ Think Before You Click!

Tina Louise ~ ~ 888.871.6584

Pay Attention CEO Your A Target!

Over the next several weeks I am going to dedicate my posts to all C-level executives and the importance of keeping your eye on the ball and that ball is your company and financial future.

This CEO Fraud Prevention posts will provide a thorough overview of how to deal with this exponentially growing wave of cybercrime. I will explain how top executives in Finance are hoodwinked, how companies are compromised, how millions are siphoned off by criminals, and fiduciary responsibilities. I will cover how to prevent such an attack as well as what to do if you become the latest victim. This includes checklists of the key steps.

What is CEO Fraud?  It’s ruined the careers of many executives and loyal employees. Successful CEOs have been fired because of it.  Stock prices have collapsed. IPOs and mergers have been taken off the table. Known as CEO fraud or the Business Email Compromise (BEC), the FBI reports that it this type of cybercrime has victimized more than 22,000 organizations worldwide and is responsible for losses of more than $3 billion.

Despite these statistics, cyber-risk management remains a blind spot for most C-level executives. Yet any company, led by its CEO, must quickly learn to integrate these skills and technologies into day-to-day operations or face the consequences.  I am a firm believer of “Knowledge Is Power”, you grew your companies, with late nights and hard work so do not allow the bad guys to steal your brand and reputation.


Next week I will dive in with the topic of “Understanding CEO Fraud”, till then………………………….

Think Before You Click!

Tina Louise Penn    888.413.9186