CEO fraud occurs when perpetrators instruct the accounting or finance department, in the name of the CEO, to make a payment to the (typically foreign) account of the scammers. Generally, the instruction is sent from a spoofed email address, but there have also been cases in which compromised real email addresses were used. The reasons given for the payment instruction differ, but the payment is usually claimed to be urgent and extremely sensitive (such as an acquisition). A consultant or a bogus or compromised law firm is often also part of the scenario. The attackers know exactly how to use a supposedly urgent situation to put pressure on the employees in question so that they make the payment while circumventing any procedural requirements.
In the past, typo domains have also frequently been used for fraudulent email communication. In these cases the attackers register a domain which differs only slightly from the legitimate sender's domain, in the hope that the victim does not notice the difference. This allows the attacker to communicate with the victim without having access to the impersonated party's email accounts.
Social networks are a gold mine for obtaining initial information about the company. LinkedIn is especially interesting for scammers because profiles contain information on business relationships or the identity and function of employees. Commercial registers or even company websites may provide useful information too. If the requisite information is not available online, the scammers make contact by phone to obtain it. There have also been cases in which a fax bearing the official letterhead of a public administration was sent to obtain company information. The desired data mainly includes the email addresses of employees in the accounting department whom the scammers have targeted to make the payments in the end. Using the information from these initial contacts, targeted emails are then sent containing information that is plausible for the company in question.
Scammers mainly use domain names similar to a company's to send out emails that may at first glance appear authentic. Using email addresses from these domains, the scammers want to trick recipients into believing that the emails come from the real company.
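The two typo-domain passages above describe the attacker's side; a mail gateway or SIEM can catch much of this on the defender's side by comparing the sender domain of every inbound message against the organisation's own domains and by flagging executive display names that arrive from unrelated domains. The following is an added example, not code from the original report: the protected domain `example-corp.com`, the CEO name, the confusable-character table and the sample `From:` headers are all constructed for illustration.

```python
"""Lookalike-sender triage for inbound mail (added example, constructed data).

Assumptions: the organisation owns ``example-corp.com`` and its CEO is
"Jane Doe"; both values and every sample header below are constructed.
"""
import re
import unicodedata

# Constructed: the organisation's own domains and the executive names that
# CEO-fraud emails typically impersonate.
PROTECTED_DOMAINS = {"example-corp.com"}
PROTECTED_NAMES = {"jane doe"}

# Character sequences commonly used to imitate another letter in a domain,
# mapped to the ASCII letter they imitate (illustrative, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "vv": "w", "rn": "m"}


def normalize_domain(domain: str) -> str:
    """Lower-case, strip accents from internationalised domains, fold confusables."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (domains are short, so O(n*m) is fine)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_from(header: str):
    """Split 'Display Name <user@domain>' (or a bare address) into (name, domain)."""
    m = re.match(r'\s*"?([^"<]*?)"?\s*<?([^<>@\s]+)@([^<>\s]+?)>?\s*$', header)
    if not m:
        return "", ""
    return m.group(1).strip().lower(), m.group(3).lower()


def classify(from_header: str) -> str:
    """Return one of: legitimate, lookalike-domain, display-name-impersonation, external."""
    name, domain = parse_from(from_header)
    if domain in PROTECTED_DOMAINS:
        return "legitimate"
    norm = normalize_domain(domain)
    for good in PROTECTED_DOMAINS:
        # Exact match after confusable folding (examp1e-corp.com, exarnple-corp.com)
        # or a one-to-two character typo (example-corp.co) counts as a lookalike.
        if norm == good or levenshtein(norm, good) <= 2:
            return "lookalike-domain"
    if name in PROTECTED_NAMES:
        # The CEO's name on a free-mail or otherwise unrelated domain.
        return "display-name-impersonation"
    return "external"


# Constructed sample headers standing in for a gateway log.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@examp1e-corp.com>",
    "Jane Doe <ceo.janedoe@mail-provider.example>",
    "Supplier AG <billing@supplier.example>",
]


def triage(headers=SAMPLE_HEADERS):
    """Label each header; the two impersonation classes are what finance staff should be warned about."""
    return [(h, classify(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict in triage():
        print(f"{verdict:28s} {header}")
```

The distance threshold is deliberately small; a real deployment would also keep an allow-list of known partner and subsidiary domains that happen to sit close to the corporate one, and would combine this check with SPF/DKIM/DMARC results so that spoofed (as opposed to lookalike) senders are caught as well.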
Effects and risks
- loss of considerable sums of money