CEO Email Phishing: Five Ways to Protect Your Company
According to the FBI Internet Crime Complaint Center (IC3), incidents of Business Email Compromise, largely known as the CEO Phishing scam, have mushroomed over the past couple of years. In this case, a scammer will collect information on the CEO of the target company to impersonate that CEO and request W-2 documents or wire transfers of corporate funds from unsuspecting employees. Between January 2015 and December 2016 there was a 2370% increase in losses from CEO spoofing incidents. From June to December 2016 alone, there were 3,044 reports, accounting for $36,160,957 in losses.
Beyond more common advice for avoiding CEO phishing attacks, the FBI has expanded tips for businesses to prepare for and defend against them.
- Steer clear of free web-based e-mail accounts.
- Use the Forward button to respond to emails, instead of automatically responding to emails with the “Reply” button. A “Reply” email can be easily redirected.
- Develop a detection system to capture “reply-to” and other emails that use an address slightly different from a legitimate corporate address. Scammers are counting on employees to overlook the altered address.
- Register all company domains that are slightly different than the actual company domain.
- Employ Two-Factor Authentication on company email and other accounts. Use similar authentication procedures for vendor transactions.
- Confirm requests for transfers of funds. Contact the person making the email wire transfer request by telephone or other trusted method of communication.

Source: FBI.gov
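One way to build the detection system from the third tip, as an added example that is not part of the FBI guidance or the BBB release: it flags From and Reply-To domains that sit within a few character edits of the corporate domain, and Reply-To addresses that point somewhere other than the sender. The domain `example.com`, the edit threshold and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAINS = {"example.com"}  # assumption: placeholder for the real company domain(s)
MAX_DISTANCE = 2  # assumption: edits tolerated before a domain stops counting as a lookalike
# Constructed sample: genuine-looking From, Reply-To on a one-character lookalike domain.
SAMPLE = "From: CEO <ceo@example.com>\nReply-To: ceo@examp1e.com\nSubject: Wire\n\nPlease pay.\n"


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_lookalike(domain):
    """True for a non-corporate domain within MAX_DISTANCE edits of a corporate one."""
    if not domain or domain in CORPORATE_DOMAINS:
        return False
    return any(edit_distance(domain, real) <= MAX_DISTANCE for real in CORPORATE_DOMAINS)


def check_message(raw):
    """Return the reasons a raw message should be reviewed before anyone acts on it."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if is_lookalike(sender):
        findings.append(f"From domain {sender} resembles a corporate domain")
    if is_lookalike(reply_to):
        findings.append(f"Reply-To domain {reply_to} resembles a corporate domain")
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    return findings


if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

Legitimate partner domains that happen to fall within the threshold would need an allow-list, and the Reply-To mismatch check will also fire on mailing lists and ticketing systems, so findings are best routed to review rather than used to block outright.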
BBB News Release: CEO Email Phishing: Five Ways to Protect Your Company