There has been a growing trend recently of cyber thieves committing high-value thefts by spoofing the e-mail accounts of C-level executives to initiate unauthorized international wire transfers. These e-mails typically appear to come from the CEO or CIO, requesting that an employee perform a wire transfer. According to a recent alert by the FBI, scams of this type (also referred to as Business E-mail Compromise or CEO Fraud) have accounted for at least $215 million in theft within a 14-month period alone.
There are many reasons why these efforts by cyber thieves have been so (unfortunately) successful. Chief among them are:
Basic Psychology
Employees from entry level through middle management are typically hesitant to question requests from upper-level management. This hesitance to question the validity of a request is crucial to the success of this type of scam, as a simple “I just wanted to verify that you requested this wire transfer” would prevent the wire transfer from being sent.
E-mail Spoofing
It is remarkably easy to spoof an e-mail (make an e-mail appear to come from a different address than the one it is actually being sent from), but outside of technology-related fields few individuals are aware of how easy this is to accomplish.
LinkedIn is extremely useful for networking and professional development. Unfortunately, the professional social media platform also makes it remarkably easy for cyber thieves to identify the names and titles to target with the fraudulent e-mails as well as the names and titles to masquerade as.
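Because a spoofed message shows one address while being sent from another, the mismatch is usually visible in the message headers. The following is an added example, not part of the original article: a header check that flags the signs of a spoofed executive request. The company domain, executive names, header values and sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values: the organisation's domain and the executives
# whose names a fraudulent request is likely to borrow.
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe", "john smith"}
PAYMENT_TERMS = ("wire transfer", "bank transfer")

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return the reasons a message looks like a spoofed executive request."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From"))
    findings = []
    # Return-Path records the envelope sender; it normally shares a
    # domain with the visible From address.
    return_dom = _domain(msg.get("Return-Path"))
    if return_dom and return_dom != from_dom:
        findings.append("from/return-path mismatch")
    # A Reply-To on another domain routes answers away from the executive.
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to points elsewhere")
    # An executive's name attached to an address outside the company.
    if display_name.lower() in EXECUTIVE_NAMES and from_dom != COMPANY_DOMAIN:
        findings.append("executive name on external address")
    # Only escalate payment wording when a header already looks wrong.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if findings and any(term in text for term in PAYMENT_TERMS):
        findings.append("payment request")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ("Return-Path: <billing@mail.example.net>\n"
           "From: Jane Doe <jane.doe@example.com>\n"
           "Reply-To: Jane Doe <jane.doe@example-corp.net>\n"
           "Subject: Urgent request\n\n"
           "Please send the wire transfer today.\n")
LEGITIMATE = ("Return-Path: <jane.doe@example.com>\n"
              "From: Jane Doe <jane.doe@example.com>\n"
              "Subject: Wire transfer for the approved invoice\n\n"
              "Details attached.\n")

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED))
    print(spoof_indicators(LEGITIMATE))
```

Legitimate mail sent through a third-party service can also carry a differing Return-Path, so these findings are prompts for the verification call, not a verdict on their own.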
Corporate Branding
Most businesses follow a consistent branding strategy, including standardized e-mail signature lines. This makes it relatively easy for cyber thieves to make an e-mail appear to be from the C-level executive beyond just the spoofed e-mail address.
Of the reasons noted above, only one has a simple fix. By simply confirming any unusual money transfer request with the individual who made the request, you can easily thwart an attempted theft from your business (and yes, that does mean questioning a request from your boss!).