What is CEO Fraud (aka Colleague Impersonation)?
About this video
CEO Fraud is the term used to describe Threat Actors (aka Hackers!) impersonating your boss/CEO to increase the likelihood of your compliance with an unusual or high-value request.
Preying on the natural inclination to be helpful to your boss, CEO Fraud is often used as part of a targeted Spear Phishing campaign, aimed directly at people within the organization who are likely to authorise payments, such as the CFO, Accountant, or Accounts Payable Manager.
The video covers:
- Why CEO Fraud is so dangerous (and successful!)
- Things you need to look for to help identify fraudulent emails from your CEO or other C-Suite / managers in your company
- An example of domain mimicking, a cheap and highly effective way for hackers to legitimately send email that may well get through your email security WITHOUT HACKING
We’ll then briefly discuss some of the solutions that can assist in protecting a company against CEO Fraud attacks.
SPOILER ALERT: There is a human element too – this isn’t a technical-only solution to this issue!
Takeaway actions on this topic are:
- Implement security warnings and train your team to pay attention to them
- Discuss phishing emails, what they look like, and how to avoid them as part of your larger Security Awareness Training program.
- Consider implementing routine phishing testing / training for your team (at least quarterly)
- Implement procurement processes and stick to them – ensure you have a no fault or blame culture as long as the procedures are adhered to.
For more videos in this series, please subscribe to our YouTube channel linked below, or visit https://www.netprimates.com/tips
Contact Us if you have any questions on this topic, feedback on how we can improve these videos, or suggestions for future topics you’d like us to cover!
Resources related to this video
- YouTube Link containing Video: https://youtu.be/P-QaWVfe6PY
- Download a PDF copy of the slides used in this Video: What is CEO Fraud aka Colleague Impersonation – Slides.pdf
- SANS Don’t Get Hooked Poster – Identify a Phishing Email: teaches people how to identify a phishing email (it’s free!)
Net Primates Videos
- Cyber Security Tips for Business Owners & Users – Net Primates YouTube Playlist featuring other videos in this series
- Net Primates YouTube Channel – All our Videos in 1 place!