We obviously know that phishing is a threat, but even we were surprised to read that over 50% of respondents to a Lloyds Bank survey said they received phishing emails from scammers posing as their boss. This particular kind of phishing attack, known as “CEO Fraud”, can pay off when scammers convince junior employees to pay a fake invoice, or to forward other valuable information to someone they believe is a top executive.
CEO fraud is sophisticated from both technological and social angles. Receiving an email from a trusted, high-ranking contact doesn’t raise concerns, as these kinds of messages “feel normal.” Attackers rely on this misplaced trust and a worker’s desire to please the boss. Criminals can use social media or even out-of-office messages to understand the business structure of an organization. They can then craft fake emails and attempt to reach several people within an organization, hoping at least one of them falls for it.
So, what can a company do to prevent this? For one, have a clear policy where any ‘emailed fund transfer request’ or ‘change in invoice address’ requires a second level of confirmation, such as a phone call.
There are technical solutions as well. Inky Phish Fence is great at detecting CEO Fraud:
All this without slowing down the workflow. See for yourself in a free demo -- we can show you real-world examples of clever zero-day phishing attempts and CEO Fraud that Inky caught.