person on computer

Phishing attacks have increased phenomenally in the last year since more and more organizations began having employees work from home. These cyber attacks are varied and come in many forms.

One subset of impersonation and social engineering cyber scams is commonly referred to as fake president fraud:

 

The fake president fraud is a type of scam in which a criminal posing as a company executive convinces an employee to voluntarily transfer a large sum of money directly to a criminal’s account. The fake president fraud may vary in some of its details, but it always contains four major elements:

 

1.) The “president” makes contact. Someone posing as a high-level executive in the company—often the president, CEO or CFO—will reach out to the target employee. This contact often occurs via email, either from a domain that is deceptively similar to the company’s actual domain or via a “personal account.”

 

2.) The “president” asks for a wire transfer. The “president” asks the employee to wire a large sum of money to a foreign bank account. The employee might be told that the money is for a host of seemingly legitimate purposes (recent acquisitions, paying off debts, paying vendors, etc.).

 

3.) The “president” pressures compliance. At this point, many employees may question the unusual request or the break in typical company protocol. That’s when the “president” deploys psychological pressure on the employee to accept the scenario as genuine and comply with the request. Those pressures can rely on a number of different factors, including the following:

1. Authority—The criminal will emphasize their rank to convince the employee. This offers the criminal many options, such as using that authority to intimidate the employee or preying upon the employee’s desires to impress a superior.

2. Time pressure—Criminals will often claim that the transfer is an urgent matter, forcing the employee to ignore typical protocol and eliminate the chance that they might disclose the transfer to another party or verify the information before making the transfer.

3. Secrecy—Often deployed in conjunction with time pressure, the “president” may emphasize that this deal must remain secret for strategic or legal reasons. Having the employee “in” on the secret can make them feel special and thereby increase the chance that the transfer will go through.

4.) The employee makes the transfer. The employee contacts the bank, and the bank then makes the transfer. Even if it is unusual, the bank will transfer the funds to the account if the employee making the request is authorized to do so.

 

 

 

Cyber Assessments:

With the increased usage of technology in people’s lives to stay connected while mostly working from home, cybersecurity threats have also become a growing issue and require proper assessments to manage any security gaps and risks that can harm your business.

Therefore, it’s important to conduct proper cyber assessments to mitigate the possibility of having your company’s cybersecurity system breached.

Get a FREE Cyber Risk Assessment to see if you’re properly protecting your business from cyber risks: