Cybersecurity
⚠️ CEO Fraud

The CEO Fraud

The attack called the CEO Fraud is more and more frequent due to the increase in teams working remotely from their homes. Here are some recommendations to avoid this type of threat.

👨‍💻👩🏻‍💻 Awareness is the best defense. Your network suppliers may take all the necessary security measures to reduce these attacks. However, these are not sufficient to protect users who don’t know how to recognize a threat. Their growing ingenuity can trick even the most experienced users. The best protection is a secure IT setup as well as an informed user.

🤖 Cybersecurity tips 101

The Swiss government National Cyber Security Center (NCSC) defined the CEO Fraud as an attack “when perpetrators instruct the accounting or finance department in the name of the CEO to make a payment to the (typically foreign) account of the scammers”

 

The characteristics of these attacks:

• Use of a fake email address or a hacked existing address.
• Concerns an urgent money transfer or payment.
• Feeling of pressure or urgent situation.
• Other fake “experts” can be involved (consultants, lawyers…)
• Attackers are very informed about the company and its employees thanks to social media (LinkedIn) or even phone calls.
• Using the company letterhead, referring to real projects, hacking employee accounts, several email exchanges are some of the tactics used to gain the employee’s trust.

 

What you can do

It is important to remember that it is almost impossible to prevent fraudulent emails of this kind from being sent. Basic NCSC recommendations are:

• Raise employees awareness about these kind of frauds. Specific training should be given to people in key positions.
• Do not give out information to unusual or dubious contacts, and do not follow any instructions in such cases even if under pressure.
• All companies should check what information about the company is available online.
• Procedures should be defined that all employees have to follow at all times, specifically concerning payments. The NCSC recommends requiring collective signatures for money transfers.

 

If you are a victim of the CEO Fraud

✓ If you made a payment, immediately contact the bank through which you made it. They may still be able to stop it.

✓ Contact the cantonal police responsible for your place of business and file a criminal complaint.

✓ If a request seems unusual, verify internally that the order is correct. Whether it be with your superior, HR, IT or the chairman himself/herself. Double check internal procedures.

 

A few resources for more information
Stay up to date on the habits to develop for safe online surfing with these excellent resources.

• More information about CEO Fraud from the National Cyber Security Center and the Swiss Criminality Prevention website (in French)
• Online training to learn how to better protect your data (free and in French) from the Canton of Geneva