Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud


CEO Social Engineering Fraud

Date: Jan 11, 2016

Category: Blog

As reported on the BBC News website, cyber criminals are using publicly available corporate data, including the identities of senior managers and senior financial officers found on social networks such as LinkedIn, to launch successful, targeted social engineering attacks.

In the US, the FBI’s internet crime centre or IC3 has been tracking “business email compromise” scams, as it calls them, and reckons about 7,000 companies have been defrauded of more than $740m (£508m; €682m) over the last two years.

Typical attacks include:

  1. Someone poses as a boss of a company instructing staff to make a wire transfer into the fraudster’s account
  2. Fraudsters pose as the IT services department of a bank saying they want to make a test transfer – but it’s not a test
  3. Fraudsters claim to be a supplier and ask for outstanding invoices to be paid into a new bank account
  4. Employees click on links within phishing emails containing malware which authorises many small payments to the fraudster’s account

See the full article from the BBC here >>

Staff are less likely to question instructions purporting to come from on high, and it’s this psychological manipulation – often accompanied by a sense of urgency – that is a major factor in the fraud’s success.

Businesses, of all sizes, should be vigilant and make sure all IT Users, from the CEO down, receive regular, measurable Security Awareness Training.
