\nCEO fraud is characterized by its sophistication and the use of<\/strong> social engineering<\/a> techniques. Cybercriminals thoroughly investigate the targeted company, gathering information about its organizational structure, executives, and employees. They use this information to create forged emails, apparently sent by some senior official, that appear authentic and often contain a sense of urgency.
\nThese emails may request money transfers to bank accounts controlled by the criminals <\/strong>or the disclosure of sensitive information.
\nSome of the techniques<\/strong> used to carry out CEO fraud are:<\/p>\n
- \n
- Impersonation <\/strong>Scammers create email addresses that mimic those of the company’s top executives. Sometimes, they even compromise executives’ real email accounts to send fraudulent messages.<\/li>\n
- Social engineering. <\/strong>Criminals use persuasion tactics to gain the trust of employees. They may impersonate the CEO or a senior executive, even mimicking their way of communicating and writing, and request urgent actions, such as money transfers, citing critical business reasons.<\/li>\n
- Psychological manipulation. <\/strong>Fraudulent emails often contain a sense of urgency and pressure for employees to act quickly without following the usual verification procedures. This can include subtle threats or the promise of rewards.<\/li>\n<\/ul>\n
The impact of CEO fraud can be devastating for businesses. Financial losses are often significant,<\/strong> and recovering stolen money is difficult or impossible.
\nYou may be interested in our content\u2192 How to prevent identity theft on social networks.<\/a><\/p>\n<\/p>\n
![\"CEO](\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/fraude-CEO.jpg\")
<\/p>\n<\/p>\n
How CEO Fraud Works: Main Steps<\/h2>\n
As we’ve already seen, CEO fraud is a sophisticated tactic that cybercriminals use to trick a company’s employees into obtaining financial benefits or sensitive information. This type of fraud relies on psychological manipulation and social engineering to achieve its goals.<\/strong>
\nThe typical steps<\/strong> that fraudsters take to carry out CEO fraud are:<\/p>\nResearch and information gathering<\/h3>\n
The first step in CEO fraud is thoroughly investigating the target company<\/strong>. Cybercriminals collect information about the company’s organizational structure, senior executives’ names and titles, and employees with access to finances or sensitive information.
\nThis information is obtained through various sources, such as social networks, corporate websites, and public databases.<\/strong><\/p>\nImpersonation<\/h3>\n
Once the scammers have gathered enough information, they create email addresses that mimic those of the company’s top executives.<\/strong> Sometimes, they even compromise executives’ real email accounts to send fraudulent messages.
\nThese spoofed emails are designed to look authentic and often contain specific details that increase their credibility.<\/strong><\/p>\nSending the fraudulent email<\/h3>\n
Cybercriminals email company employees, posing as the CEO or a senior executive. These emails typically feel urgent and ask for immediate action<\/strong>, such as money transfers to bank accounts controlled by criminals or disclosing sensitive information.
\nScammers use persuasion and psychological manipulation tactics <\/strong>to convince employees to act quickly without following the usual verification procedures.<\/p>\nPsychological manipulation<\/h3>\n
Emails involved in CEO fraud include psychological manipulation<\/strong> to increase the likelihood of success. For example, subtle threats, such as the possibility of losing a significant business opportunity, or promises of rewards, such as a promotion or bonus.
\nFraudsters also take advantage of times of high market pressure <\/strong>or changes in the company, such as mergers or acquisitions, to increase the credibility of their requests.<\/p>\nExecution of the scam<\/h3>\n
Cybercriminals achieve their goals if employees fall for the trap and perform the requested actions. Money transfers are sent to bank accounts controlled by criminals and are almost impossible to trace, or the sensitive information obtained is used for other malicious purposes.<\/strong><\/p>\n
<\/p>\n
Strategies to avoid CEO fraud<\/h2>\n
Preventing CEO fraud requires taking security measures<\/strong> specifically aimed at these types of attacks, such as:<\/p>\n
Establishing Verification Protocols<\/h3>\n
It is one of the most effective measures to prevent CEO fraud. These protocols ensure that any request for money transfer or disclosure of confidential information is verified before execution.<\/strong> Some best practices include:<\/p>\n
- \n
- Verbal confirmation:<\/strong> Require that any request for money transfer be confirmed verbally via a direct phone call to the executive supposedly sending the email.<\/li>\n
- Two-factor authentication:<\/strong> Implement a two-factor authentication system for financial transactions. Of note, for its effectiveness, is the obligation to have the approval of two or more people in the organization for any significant money transfer.<\/li>\n
- Escalation procedures:<\/strong> Establish clear procedures for escalating suspicious requests to a higher management level for review and approval.<\/li>\n<\/ul>\n
<\/p>\n
![\"Verification](\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/verificacion-evitar-fraude-ceo.jpg\")
<\/p>\n<\/p>\n
Email Protection<\/h3>\n
Email protection is crucial to preventing CEO fraud. Businesses should implement email security solutions <\/strong>that include:<\/p>\n
- \n
- Advanced spam filters. <\/strong>Advanced spam filters block suspicious emails before they reach employees’ inboxes.<\/li>\n
- Email authentication. <\/strong>Implement email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) to verify the authenticity of incoming emails.<\/li>\n
- Phishing detection. <\/strong>Phishing detection.<\/li>\n
- Education and awareness. <\/strong>Train employees on identifying suspicious emails and what to do if they receive one. It includes teaching them to verify email addresses, look for grammar and spelling errors, be suspicious of unusual communication tones, and not click links or download attachments from unsolicited emails.<\/li>\n<\/ul>\n
External confirmation procedures<\/h3>\n
Companies should establish external confirmation procedures and internal verification protocols to ensure the authenticity of money transfer requests.<\/strong><\/p>\n
- \n
- Verification with the bank.<\/strong> Before processing any money transfer, check the request with the bank to ensure it is legitimate. This may include confirmation of the applicant’s identity and review of the destination bank account.<\/li>\n
- Emergency contact list.<\/strong> Maintain an emergency contact list that includes the phone numbers and email addresses of senior executives and other key employees. It allows for quick and direct confirmation of any urgent request.<\/li>\n
- Review of transactions.<\/strong> Implement a transaction verification process that includes verification of any significant money transfers by multiple people. This helps ensure that requests are legitimate and that proper procedures are followed.<\/li>\n<\/ul>\n
<\/p>\n
Is it possible to detect signs to avoid being a victim of CEO fraud?<\/h2>\n
Knowing signs of potential CEO fraud is crucial to preventing such attacks. To do this, employees must be familiar with the various warning signs, and the organization must be aware of the threats to which it is exposed at all times that can be used to arm the attack.<\/strong><\/p>\n
Red Flags<\/h3>\n
Several red flags can indicate a fraud attempt by the CEO.<\/p>\n
- \n
- Emails with grammatical, spelling, or tone errors<\/strong>: fraudulent emails often contain errors or unusual communication tones that should always alert and force verification.<\/li>\n
- Urgent action requests<\/strong>: Scammers often create a sense of urgency for employees to act quickly without following standard vetting procedures.<\/li>\n
- Suspicious email addresses<\/strong>: Email addresses that mimic those of senior executives but with slight variations are a clear sign of fraud.<\/li>\n
- Unusual requests:<\/strong> Any request that does not follow the company’s usual procedures should be considered suspicious and verified.<\/li>\n<\/ul>\n
Monitoring techniques<\/h3>\n
To detect possible attempts at fraud by the CEO, it is convenient for companies to implement monitoring techniques<\/strong> that include all web layers.<\/p>\n
Surface Web Monitoring<\/h4>\n
The surface web includes all websites accessible through conventional search engines. Monitoring tools track mentions of the organization, executive names, and other sensitive information on blogs, forums, and social media<\/strong>. They help identify potential attempts by cybercriminals to collect information.<\/p>\n
Deep web monitoring<\/h4>\n
The deep web includes content not indexed by conventional search engines, such as databases, private forums, and password-protected websites. Specialized monitoring tools track suspicious activity on these sites<\/strong>. It includes searching for leaked information, such as login credentials, that cybercriminals could use to engineer a CEO fraud attack.<\/p>\n
Dark web monitoring<\/h4>\n
The dark web is a part of the deep web that requires special software to access, such as Tor. It’s commonplace to sell and share stolen information. Specialized monitoring tools track the sale of sensitive information, such as email credentials, financial data, and sensitive personal data.<\/strong> They provide an early warning that cybercriminals are collecting information for a potential attack.<\/p>\n
Behavioral Analysis<\/h4>\n
Behavioral analysis tools help identify unusual activity in email accounts and financial systems<\/strong>. They detect anomalous behavior patterns, such as login attempts from unusual locations or unauthorized money transfers.<\/p>\n
Regular audits<\/h4>\n
Regular audits of financial transactions and electronic communications are essential to detect anomalies. Audits help identify suspicious activity and patterns<\/strong> and ensure that proper security procedures are in place and followed.<\/p>\n
<\/p>\n
Relevant Examples of CEO Fraud<\/h2>\n
We know some of these attacks when they jump into the media,<\/strong> but they are not all, as most companies try to prevent them from going public for reputational reasons.<\/p>\n
- \n
- Ubiquiti Networks (2015). <\/strong>The scammers used spoofed emails to trick employees of this tech company into making money transfers to bank accounts controlled by the criminals. The financial loss amounted to $46.7 million.<\/li>\n
- FACC (2016). <\/strong>Austrian aerospace company FACC suffered a CEO fraud that resulted in a \u20ac50 million loss. The scammers posed as the CEO and emailed employees requesting money transfers for a purported acquisition.<\/li>\n
- Crelan Bank (2016).<\/strong> The Belgian bank Crelan Bank was the victim of CEO fraud, which resulted in a loss of 70 million euros after the scammers deceived some employees by asking for different transfers.<\/li>\n
- Zendal Pharmaceutical Group (2020). <\/strong>In Spain, immersed in the pandemic, the group’s CFO transferred \u20ac9 million following the alleged urgent and confidential order of the company’s CEO, whose email had been tapped by a cybercriminal.<\/li>\n
- Caritas Luxembourg (2024). <\/strong>Although it remains under investigation, Caritas Luxembourg’s financial collapse, caused by the transfers of 61 million euros to 14 different bank accounts over five months, is blamed on CEO fraud, who deceived the organization’s financial director.<\/li>\n
- <\/li>\n<\/ul>\n
Enthec helps you manage your organization’s threat exposure<\/h2>\n
Thanks to its Threat Exposure Management (TEM) solutions, Enthec <\/a>allows the organization to monitor the different layers of the web to locate the leaked and exposed information available to anyone<\/strong> who wants to use it to design a CEO Fraud attack. This includes sensitive corporate information and the personal information of the CEO and senior executives so that the organization can neutralize its effects even before the attack is executed.
\nContact us<\/a> to learn more about how Enthec can help you avoid CEO fraud<\/strong> and other social engineering techniques and the costly financial impact that comes with them.<\/p>\n","protected":false},"excerpt":{"rendered":"Cybercriminals benefit significantly from the success of cyberattacks known as CEO fraud and the evolution of technology behind the proliferation […]<\/p>\n","protected":false},"author":4,"featured_media":2727,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[24,32],"class_list":["post-2731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cybersecurity","tag-kartos-en"],"yoast_head":"\n
All About CEO Fraud - Enthec<\/title>\n<meta name=\"description\" content=\"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"All About CEO Fraud - Enthec\" \/>\n<meta property=\"og:description\" content=\"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/\" \/>\n<meta property=\"og:site_name\" content=\"ENTHEC \u00b7 Kartos \u00b7 Qondar\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-05T13:42:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-17T11:22:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1870\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Enthec\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enthec\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/\",\"url\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/\",\"name\":\"All About CEO Fraud - Enthec\",\"isPartOf\":{\"@id\":\"https:\/\/enthec.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg\",\"datePublished\":\"2024-12-05T13:42:06+00:00\",\"dateModified\":\"2024-12-17T11:22:59+00:00\",\"author\":{\"@id\":\"https:\/\/enthec.com\/#\/schema\/person\/3ee5632ff6252f2a608293472d04f1a1\"},\"description\":\"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!\",\"breadcrumb\":{\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage\",\"url\":\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg\",\"contentUrl\":\"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg\",\"width\":2560,\"height\":1870,\"caption\":\"c\u00f3mo evitar el fraude del CEO\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/enthec.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is CEO fraud, and how can it be avoided?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/enthec.com\/#website\",\"url\":\"https:\/\/enthec.com\/\",\"name\":\"ENTHEC \u00b7 Kartos \u00b7 Qondar\",\"description\":\"Deep tech cyber-surveillance company\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/enthec.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/enthec.com\/#\/schema\/person\/3ee5632ff6252f2a608293472d04f1a1\",\"name\":\"Enthec\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/enthec.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15b8af9966a7c8e3e248729e378b7f5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15b8af9966a7c8e3e248729e378b7f5d?s=96&d=mm&r=g\",\"caption\":\"Enthec\"},\"url\":\"https:\/\/enthec.com\/en\/author\/enthec\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"All About CEO Fraud - Enthec","description":"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/","og_locale":"en_US","og_type":"article","og_title":"All About CEO Fraud - Enthec","og_description":"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!","og_url":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/","og_site_name":"ENTHEC \u00b7 Kartos \u00b7 Qondar","article_published_time":"2024-12-05T13:42:06+00:00","article_modified_time":"2024-12-17T11:22:59+00:00","og_image":[{"width":2560,"height":1870,"url":"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg","type":"image\/jpeg"}],"author":"Enthec","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Enthec","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/","url":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/","name":"All About CEO Fraud - Enthec","isPartOf":{"@id":"https:\/\/enthec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage"},"image":{"@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage"},"thumbnailUrl":"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg","datePublished":"2024-12-05T13:42:06+00:00","dateModified":"2024-12-17T11:22:59+00:00","author":{"@id":"https:\/\/enthec.com\/#\/schema\/person\/3ee5632ff6252f2a608293472d04f1a1"},"description":"We explain CEO Fraud, how it works, and the most relevant prevention keys, along with examples \u27a1\ufe0f. Find out here!","breadcrumb":{"@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#primaryimage","url":"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg","contentUrl":"https:\/\/enthec.com\/wp-content\/uploads\/2024\/12\/evitar-fraude-ceo-scaled.jpeg","width":2560,"height":1870,"caption":"c\u00f3mo evitar el fraude del CEO"},{"@type":"BreadcrumbList","@id":"https:\/\/enthec.com\/en\/what-is-ceo-fraud-and-how-can-it-be-avoided\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/enthec.com\/en\/"},{"@type":"ListItem","position":2,"name":"What is CEO fraud, and how can it be avoided?"}]},{"@type":"WebSite","@id":"https:\/\/enthec.com\/#website","url":"https:\/\/enthec.com\/","name":"ENTHEC \u00b7 Kartos \u00b7 Qondar","description":"Deep tech cyber-surveillance company","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/enthec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/enthec.com\/#\/schema\/person\/3ee5632ff6252f2a608293472d04f1a1","name":"Enthec","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/enthec.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15b8af9966a7c8e3e248729e378b7f5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15b8af9966a7c8e3e248729e378b7f5d?s=96&d=mm&r=g","caption":"Enthec"},"url":"https:\/\/enthec.com\/en\/author\/enthec\/"}]}},"_links":{"self":[{"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/posts\/2731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/comments?post=2731"}],"version-history":[{"count":2,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/posts\/2731\/revisions"}],"predecessor-version":[{"id":2873,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/posts\/2731\/revisions\/2873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/media\/2727"}],"wp:attachment":[{"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/media?parent=2731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/categories?post=2731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/enthec.com\/en\/wp-json\/wp\/v2\/tags?post=2731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} - FACC (2016). <\/strong>Austrian aerospace company FACC suffered a CEO fraud that resulted in a \u20ac50 million loss. The scammers posed as the CEO and emailed employees requesting money transfers for a purported acquisition.<\/li>\n
- Urgent action requests<\/strong>: Scammers often create a sense of urgency for employees to act quickly without following standard vetting procedures.<\/li>\n
- Emergency contact list.<\/strong> Maintain an emergency contact list that includes the phone numbers and email addresses of senior executives and other key employees. It allows for quick and direct confirmation of any urgent request.<\/li>\n
- Email authentication. <\/strong>Implement email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) to verify the authenticity of incoming emails.<\/li>\n
- Two-factor authentication:<\/strong> Implement a two-factor authentication system for financial transactions. Of note, for its effectiveness, is the obligation to have the approval of two or more people in the organization for any significant money transfer.<\/li>\n
- Social engineering. <\/strong>Criminals use persuasion tactics to gain the trust of employees. They may impersonate the CEO or a senior executive, even mimicking their way of communicating and writing, and request urgent actions, such as money transfers, citing critical business reasons.<\/li>\n