A fish, whale and CEO walk into a bar

Remember the good old days when fishing for info or money online was just called phishing? We’re an industry built on tech and science, but we do love our artsy synonyms and hyperbole. 

If you’ve ever had the pleasure of talking to Rois, our Head of Cyber Governance, you’ll know how she feels about the unreliability of research that looks at Business Email Compromise (BEC), whaling, Friday afternoon scams, and CEO fraud as different types of incidents. IT’S THE SAME THING.

We recently posted a blog about BEC, and we’ve also talked you through whaling and spear phishing, so to close the circle of education on all these types of email threats, here’s a quick guide to CEO fraud. 

CEO fraud: the facts

Well firstly, you should know that the FBI calls it Business Email Compromise (cue intense eye rolling). Secondly, it’s not about CEOs committing fraud. And finally, it’s not just about CEOs.

In an age when engagement and transparency are key to topping customer relations practices, most C-level executives will have a profile on a corporate website and social accounts combining marketing-approved streams of consciousness with the occasional personal opinion thrown in. It’s never been easier to build profiles of executives and impersonate their communication styles and that’s why CEO fraud is such an easy win for scammers.

Impersonating someone else in order to gain access to confidential information or money is the crux of the phishing attack, so CEO fraud simply extends that process to scammers masquerading as your boss with a c-level title and tricking you into committing a breach.

Common CEO fraud scenarios

  1. ‘CFO’ emails accounts to ask for a money transfer to be sent to a supplier – but the account details have changed and it needs to be action urgently.
  2. ‘CEO’ emails HR to ask for a list of employees and associated financial information to be shared with a new payroll company
  3. ‘Partner’ at law firm asks paralegal to send conveyancing monies to a new account due to an internal error

A 2019 report by the FBI found that organizations lost an estimated $1.77 billion due to these types of attack and it’s clear to see why. Faced with an end-of-day email from the CEO marked ‘URGENT’, you’d be forgiven for acting on it immediately. Invoice scams are particularly prolific as they play on an employee’s fear of the potential consequences of an unhappy supplier, or partner that could put pause to the organisation’s operations.

Identifying and eliminating CEO fraud

The reason so many phishing attacks come to fruition is that scammers are no longer satisfied with using lookalike email domains, using a lower case ‘L’ for the letter ‘I’ for example. Today, domain impersonation is a simple hack and it makes it impossible for a recipient to identify that the email purporting to come from their CEO is actually a fake.

Contrary to popular belief that email gateway protection, such as spam filters and appliances that weed out emails with malicious content, will protect organizations from domain impersonation, the only sure-fire way to eliminate the threat is with an entirely different (less resource intensive) approach. In the last few years, we’ve seen a wave of action against email impersonation, and global protocols such as DMARC have been widely adopted to tackle email fraud. 

How can Red Sift help?

At Red Sift, we enable security-first organizations to successfully communicate with and ensure the trust of their employees, vendors, and customers. Our portfolio includes a number of gold-standard email and domain protection products: OnDMARC and Brand Trust. These are designed to work in unison to block outbound phishing attacks and provide domain impersonation defense for company-wide threat protection.

Red Sift find out more

PUBLISHED BY

Randal Pinto

17 Mar. 2020

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more