If you think ransomware was the most sophisticated type of cyberattack, think again. CEO fraud attacks are on the rise, and they may be one of the most lucrative forms of cyber intrusion today.
CEO fraud is the latest form of email-based cyberattacks—And has a 90% success rate.
It occurs when hackers design and send a fraudulent email, pretending to be from the CEO to a member of staff requesting a bank transfer. The transferred money ends up going into the criminal’s bank account (typically in a Chinese or Hong Kong bank.) Email is the most common method of attack, but now text messaging is also being used.
CEO Fraud Attacks: What You Need to Know
Because of their success, CEO fraud attacks are becoming more frequent.
- In the first quarter of 2016, an individual was attacked every 20 seconds. By the third quarter, that number had jumped to every 10 seconds.
- Businesses aren’t faring much better, with attacks occurring every two minutes in quarter one of 2016, versus every 40 seconds in quarter three. All told, the number of attacks tripled year over year. This has led to the rise of what some experts are referring to as the “ransomware-as-a-service“ model of cybercrime.
- CEO-targeted fraud cost businesses three times more than ransomware did over the last three years alone. Cyber criminals made a combined $5.3 billion from CEO fraud attacks over the last few years, as compared to the $1 billion from ransomware over the same time period.
Many cybercriminals have decided that now is the time to “go big.”
This points to a curious trend in terms of cybercrime, and an emphasis on the “time is money” approach. The logic is that CEO fraud attacks may be less successful in terms of sheer volume, but the payout is potentially much bigger than the average gained during a traditional ransomware attack. As the old saying goes, “go big or go home.”
These numbers also lend credibility to the theory that CEO fraud attacks are more lucrative than ransomware simply because they’re easier to execute. When a hacker develops a new strain of ransomware, they must extensively test it before it can be released. Even in the best-case scenario, a “successful” ransomware attack usually amounts to a few hundred dollars from a few hundred people.
Comparatively speaking, all that a CEO fraud attack would require is some research on a social network like LinkedIn, and a spear-phishing attack. Yes, it’s true that they’re only targeting one person as opposed to many, but the potential payout is so much larger than it’s worth the additional layer of risk in terms of time.
With all that in mind, when someone tells you that there’s a methodology that’s potentially more devastating and lucrative than ransomware, it’s time to sit up and start listening. This is the situation enterprises are facing as CEO fraud attacks increase in number.
Education Is Your Best Defense.
Even though CEO fraud attacks target a specific person, it’s still a good idea to invest in quality training and education for ALL employees because the stakes are so high. Experts agree that financial departments would benefit from additional training on these types of phishing campaigns. If a fraudulent email headed for the CEO asks for a funds transfer, the financial department can detect and potentially eliminate it before the email has a chance to reach its target.
Other Necessary Forms of Defense
As always, keeping software regularly patched and updated is also of mission-critical importance. Just a few short weeks ago, WannaCry made headlines all over the world. While focusing on new technology to stay ahead of the hackers is always a big part of remaining safe, patching, maintaining and ultimately protecting what you already have is just as essential.
And remember, while firewalls and antivirus software are important, they may not be enough to get the job done on their own. Data collection and analysis will also play a huge role in ensuring that your business doesn’t wind up a statistic in cybercrime reports next year.
Other Cybersecurity News
A new type of WhatsApp phishing attack is currently making its way across Europe. WhatsApp is a popular messaging service that offers true end-to-end encryption, resulting in business users all over the world embracing it.
Hackers are using WhatsApp advertisements containing malicious code to entice users into downloading spyware. The ad itself is for a $250 coupon and usually involves some offer for a major local retailer in exchange for taking a short survey. Once the rogue software is executed, all the contacts, banking credentials and passwords that it can find are compromised. They are then sold to the highest bidder. When you consider the sheer volume of personal information stored on a phone, this could certainly cause trouble for a victim for years to come.
Always pay careful attention to what you click on with these and other types of services. As always, a little common sense goes a long way in these types of situations.
Regardless of whether you’re talking about ransomware, CEO fraud attacks or some other type of threatening situation, one thing is clear— The key to remaining safe in the digital world is to be proactive at all times. This is why it’s so important to learn about new and existing threats. Cybersecurity is truly one of those situations where the old saying of “knowledge is power” applies.
If you’re in Toronto and would like to find out more information about how to safeguard against CEO fraud attacks, ransomware or other cyber intrusions, don’t delay. Contact SmartMetrics at (647) 494-0176 or by email at: email@example.com