CEO fraud prevention starts with understanding how CEO fraud works.
CEO fraud is a type of scam that uses social engineering attack techniques to exploit trusted relationships. It is also sometimes called “whaling” or business email compromise (BEC).
In a CEO fraud attack, a threat actor pretends to be a high-ranking company executive (often the CEO—hence the name—but it can also be the COO or CFO) to trick employees into downloading malware (for example ransomware), sharing confidential information, or making an unauthorized financial transfer.
What makes CEO fraud scams so successful and dangerous is that they’re highly targeted.
Fraudsters research potential victims online in an attempt to find as much information about them as possible. They then use this information to send individual employees personalized emails that seem to come from upper management.
Often, attackers will use an executive’s actual email address (after taking over their email account) or one that looks very similar (a practice known as “spoofing”).
Employee education and technical controls like email software can help with CEO fraud prevention. However, without a proactive effort to remove executive information from the internet, these kinds of solutions still fall short of full prevention.
Because most successful CEO fraud attacks rely on threat actors’ ability to find personal information about employees and executives, it is important to remove their data from online sources like data brokers.
Before cybercriminals engage in CEO fraud, they conduct reconnaissance on potential targets. The goal here is to find the right people to phish, so things like org charts, job titles, and contact lists are very valuable.
Threat actors can use multiple methods to gather this information. For example, they can conduct open-source reconnaissance on social media platforms like LinkedIn and company websites.
However, looking for and gathering all this information from several different sources can be a time-intensive task.
As a result, cybercriminals are increasingly turning to data brokers for reconnaissance.
Data brokers and people search sites are websites that sell individuals’ personal and professional information to anyone who wants to buy it. Sometimes, this information (or a part of it) is also available for free.
Learn more: Data brokers: your comprehensive guide
Some data brokers even put employees into specific categories, making threat actors’ jobs even easier.
For example, data brokers that are commonly used for lead generation might segment professionals into categories like “human resources leads,” “finance/accounting leads,” etc.
Here’s what someone can get if they purchase “finance/accounting leads” from one such popular data broker: [screenshot not reproduced]
And here’s what someone’s profile looks like: [screenshot not reproduced]
We know from recent leaks that cybercrime groups use data broker sources for target identification and to find people to “name drop” within emails.
CEO fraud attempts are hard to identify because, unlike mass phishing emails, these attacks are frequently personalized to the recipient.
Learn more: The Ultimate Guide to Executive Privacy and Executive Security Online
However, if an email features one or more of the following, it may be a CEO fraud email:
Here are three things organizations can do to minimize the risk of CEO fraud.
Security awareness training is an important part of any company’s security policy and a great way to educate employees about CEO fraud and how to spot fraudulent emails that impersonate executives.
When they receive an email, employees need to:
Regular phishing and spear phishing simulations can give employees a better idea of the red flags to look out for.
Technical controls are another important step in CEO fraud prevention.
CEO fraud attacks often bypass email filters (including Google’s and Microsoft’s native filters), so it is crucial to have advanced email security software that can spot CEO fraud attempts (for example, urgent requests and spoofed domain names) in real time and flag suspicious emails.
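The kind of red-flag checks such software applies, as an added example that is not code from the article or from DeleteMe: it flags an executive display name paired with an unexpected address, a lookalike sender domain, a Reply-To that points elsewhere, and urgent payment language, run over constructed sample messages. The company domain, executive roster, homoglyph table and sample messages are assumptions.

```python
"""Heuristic red-flag checks for executive-impersonation (CEO fraud) email.
Added example; company domain, executive roster and samples are constructed."""
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                       # assumed legitimate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumed roster: name -> real mailbox
URGENCY = re.compile(r"\b(urgent|immediately|asap|wire|confidential|gift cards?)\b", re.I)
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"))  # common lookalike swaps

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character domain typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain: str) -> bool:
    """True for a domain that imitates COMPANY_DOMAIN but is not it."""
    domain = domain.lower()
    folded = domain
    for src, dst in HOMOGLYPHS:          # fold rn->m, 1->l, ... before comparing
        folded = folded.replace(src, dst)
    return domain != COMPANY_DOMAIN and edit_distance(folded, COMPANY_DOMAIN) <= 1

def assess(headers: dict, body: str) -> list:
    """Return the red flags raised for one message (empty list = none)."""
    flags = []
    name, addr = parseaddr(headers.get("From", ""))
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:   # executive's name, not their mailbox
        flags.append("executive display name with unexpected address")
    if is_lookalike(domain):
        flags.append("lookalike sender domain")
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append("Reply-To points to a different domain")
    if URGENCY.search(body):
        flags.append("urgent or payment language")
    return flags

SAMPLES = [  # constructed messages, not real mail
    ({"From": "Jane Doe <jane.doe@exarnple.com>"}, "Need you to process an urgent wire transfer today. Keep this confidential."),
    ({"From": "Jane Doe <jane.doe@example.com>", "Reply-To": "jane.doe@mail-example.net"}, "Are you at your desk? I need a favour ASAP."),
    ({"From": "Bob Smith <bob@vendor.test>"}, "Attached is the quarterly invoice as discussed."),
]
```

The second sample shows why a display-name check alone is not enough: mail sent from a genuinely compromised executive mailbox passes it, and only the Reply-To mismatch and urgency language raise flags.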
Password management and multi-factor authentication should also be implemented across the entire organization to protect important accounts and apps.
Neither employee training nor technical controls are 100% foolproof.
Highly targeted CEO fraud emails can bypass email tools and trick employees. To minimize the risk of that happening, it is critical to take away threat actors’ access to executive and employee personal information online.
Data brokers and people search sites are one of the largest sources of employee exposure.
Opting out executives and employees from data broker databases makes it harder for threat actors to find a) targets and b) details to personalize their emails.
The less personal data cybercriminals have about employees, the less realistic their emails will be, and the more likely it is that email software and/or employees will catch them.
Although every employee can benefit from data broker opt-outs, providing coverage to the entire organization may not be realistic for many companies, especially those with thousands of employees. In this case, identifying high-risk users can help narrow down who to protect.
CEO fraud often targets the following groups of people:
Technical controls and employee training are important in CEO fraud prevention, but personal data removal shouldn’t be overlooked either.
With attackers increasingly turning to data broker sources for reconnaissance, opting out of data brokers could mean the difference between a successful and failed CEO fraud attack.
DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.