It’s common knowledge that email security is important in the business world. Hackers and spammers are relentless in their attempts to get their hands on your company’s sensitive information. A more serious threat is when they attempt to con you out of potentially millions of dollars. If the scam is a success, someone’s job will likely be in jeopardy. CEO Fraud is a real threat that can have damaging effects within a company or organization, so it is important to be as prepared as possible to defend against it.
So what is CEO Fraud?
CEO Fraud, also called Whaling or Spear Phishing, is a type of email scam where the criminal impersonates an executive in the organization in order to fool another employee into initiating some kind of financial transaction (such as requesting a wire transfer or buying gift cards and sending the secret codes). Standard email authentication schemes such as SPF, DKIM, and DMARC, which operate on the sender’s address, do not provide protection against this, since the scammer only needs to spoof the executive’s display name (the name shown as the sender) in order to achieve their goal. In fact, a scammer’s email may actually pass SPF, DKIM, and DMARC, since the message may originate from a large provider such as Gmail, Yahoo, or Hotmail.
In a busy work day, it would be easy to overlook a slight change to an email address. Here’s an example of a spoofed email a spammer may create:
An unsuspecting employee who receives a message from the latter email address likely won’t notice that the “m” in company is really an “r” and an “n” side by side. At a quick glance, it looks like an “m.” By making these slight variations in the fake email addresses, spammers can be successful at these whaling attempts.
But how do scammers know your company’s hierarchy, including emails?
It’s simple. They do their research. Then they know exactly who they need to impersonate, who to send the “fake” email to, when to send it, and what to say to make the victim take the bait. Scary, right?
Now you may be wondering – how is it possible to protect against this? CEO Fraud Protection by Securence guards the executive’s name that gets displayed as the sender and is the key to the scam. If an email claims to be from an executive as configured in Securence but the email address does not match, then Securence will take action. Standard actions include: block and quarantine, notify an administrator, or modify the message to include a warning.
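A minimal sketch of the display-name check described above, as an added example (it is not Securence's implementation): the protected name, its allowed address, and the `.example` domains are constructed assumptions.

```python
import unicodedata
from email import message_from_string, policy

# Assumed configuration: protected display name -> addresses that executive really uses.
PROTECTED = {"jane doe": {"jane.doe@company.example"}}

def normalize_name(name):
    """Fold case, Unicode compatibility forms, punctuation and word order."""
    name = unicodedata.normalize("NFKC", name).casefold()
    if "," in name:  # "Doe, Jane" -> "jane doe"
        last, _, first = name.partition(",")
        name = f"{first} {last}"
    return " ".join(name.replace(".", " ").split())

def check_from(raw_message):
    """Return 'flag' if a From display name matches a protected executive
    but the address is not one configured for that executive, else 'pass'."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    # policy.default parses the header and decodes RFC 2047 encoded display names.
    for address in (header.addresses if header else ()):
        allowed = PROTECTED.get(normalize_name(address.display_name))
        if allowed is not None and address.addr_spec.lower() not in allowed:
            return "flag"  # hand off to quarantine / notify / add warning
    return "pass"

def make_message(from_value):
    """Build a constructed sample message with the given From header."""
    return f"From: {from_value}\nSubject: Urgent wire transfer\n\nPlease handle today.\n"

if __name__ == "__main__":
    samples = [  # constructed sample senders
        "Jane Doe <jane.doe@company.example>",
        "Jane Doe <jane.doe@cornpany.example>",
        '"Doe, Jane" <jdoe.office@freemail.example>',
        "Bob Smith <bob@vendor.example>",
    ]
    for sender in samples:
        print(check_from(make_message(sender)), sender)
```

The verdict depends only on the displayed name and the configured address list, so a message that passes SPF, DKIM, and DMARC at a large provider is still flagged.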
CEO Fraud Protection gives you relief against whaling attacks. You shouldn’t have to worry that any email that you’re receiving could be an attempt to scam you out of money or information. With the customer in mind, Securence added this new CEO Fraud Protection feature in order to be able to protect both you and your company from as many threats as possible so you can focus on the things that really matter.