CEO Phishing Outranks Ransomware as New Choice of Cyber Criminals

July 28, 2017


(July 27, 2017) -- Data security company Trivalent reports that CEO fraud, another type of phishing attack, accounted for a staggering $5.3 billion of cybercrime revenue over the last 3 years. This increase demonstrates the heavy trend toward email hacking over the now less popular and less profitable ransomware schemes.

Why? C-suite email fraud takes less time to develop (think quick Google searches on name and email information), commands higher payouts from corporations instead of individuals, and yields quicker results.


Targeting Employees with an Email From Their "Boss"

CEO phishing attacks impersonate business owners and other high-level executives in emails instructing employees to transfer funds to a distributor or other common recipient. The emails have been originating in China and Hong Kong, and include real information like personal greetings or specific details of recent business transactions. Many times, employees don't suspect the messages are fraudulent because they regularly work with foreign suppliers in these regions or perform payment transfers as a regular part of their job.

If the attack is successful and money is transferred to the hacker, it is lost to cyberspace and has a minimal chance of ever being seen again.


The Real Cost to Your Business 

CEO fraud attacks carry out data theft and have the potential to immediately steal thousands, if not millions, of dollars from company bank accounts. Lucky businesses are able to trace and win back a small portion of these funds, but the money is often not recoverable.

Other sunk costs include a new need for untampered digital accounts and computers, and the inability of your employees to perform their normal job tasks. Your company's internet security system must also be rebuilt. It's almost impossible to measure the financial impact of phishing schemes.


Ways to Protect Yourself

+ Arm your employees with anti-phishing training so they know how to identify a fraudulent email, have it inspected by an IT professional, and warn others against taking action.

+ Deploy regular fake phishing tests that can monitor your employees' susceptibility to real infiltration.

+ Establish a firm policy of directly double-checking with the true sender before wiring any payment.

+ Send test payments first. Transfer a small amount and confirm the proper recipients have received the money before sending out lump sums. 

Report it to BBB!

Please report any sort of phishing email or other cyber threat to BBB's Scam Tracker so that we can continue to research and arm you with information on hazardous trends, and provide helpful tips for avoiding them. Visit our cybersecurity page for more prevention tips and other cybercrime resources for businesses!