We obviously know that phishing is a threat, but even we were surprised to read that over 50% of respondents to a Lloyds Bank survey said they received phishing emails from scammers posing as their boss. This particular kind of phishing attack, known as “CEO Fraud”, can pay off when scammers convince junior employees to pay a fake invoice, or forward other valuable information to whom they believe is a top executive.
CEO fraud is sophisticated from both technological and social angles. Receiving an email from a trusted, high-ranking contact doesn’t raise concerns, as these kinds of messages “feel normal.” Attackers rely on this misplaced trust and a worker’s desire to please the boss. Criminals can use social media or even out-of-office messages to understand the business structure of an organization. They can then craft fake emails and attempt to reach several people within an organization, hoping at least one of them falls for it.
So, what can a company do to prevent this? For one, have a clear policy where any ‘emailed fund transfer request’ or ‘change in invoice address’ requires a second level of confirmation, such as a phone call.
There are technical solutions as well. Inky Phish Fence is great at detecting CEO Fraud:
- It will tell you through our warning banners if an email is from a “First Time Sender”, which would be a red flag in an email supposedly from your boss. We also mark every mail as “internal” or “external”.
- Inky uses machine learning to build Sender Profiles for you, so Inky knows if a sender’s email address, geographic location, or even email client used varies from the Sender Profile that Inky has developed for you.
- Our warning banners go further and highlight what else could be unusual about a suspicious email, such as a brand impersonation attempt.
All this without slowing down the workflow. See for yourself in a free demo -- we can show you real-world examples of clever zero-day phishing attempts and CEO Fraud that Inky caught