Business fraud affects businesses of all types and sizes, and no individual within your business is truly immune from the possibility of a targeted attack. However, some people are more prone to an attack simply because of the high value of their knowledge or their access to information within the business. Accountants, finance leads and your CEO are some of the most commonly targeted individuals when it comes to business email compromise (BEC) attacks, more commonly known as phishing attacks. Knowledge is power, and these tips will help keep your CEO from becoming the next victim of these vicious attacks.
While phishing is the most common term that you may hear, there are two additional terms that are often used when it comes to upper executives or more targeted attacks: spear phishing and executive whaling. These more specialized attacks go beyond the broad-scale spam of phishing attacks that are meant to net any type of “fish” who is willing to click a link. In a spear phishing or whaling attack, the hacker has researched your business and knows enough from either social media or your corporate website to target specific individuals. Cybercriminals spend the time and effort to find key vendors for your business or personal details that will inspire confidence in your executives. The assailants then leverage this information to create a highly specific and tempting message that feels like a personal email from a known vendor partner or internal asset, in an attempt to gain control of your systems or to get access to sensitive information. The term spear phishing generally refers to tactics that are specific to a few mid-level individuals in your payroll or accounting department, while executive whaling is targeted directly at your CEO and other C-suite leaders.
This investment by the cybercriminal is expected to have a high-dollar payoff and there’s only one chance at success — so the hacker has a vested interest in taking the time to do it right the first time. Each subsequent request increases the potential of being discovered and reduces the possibility of a return on their investment of time. The fraudulent emails often request that the recipient transfer a large amount of funds, pay a massive invoice or otherwise release information to what the target thinks is a “trusted” party. The FBI estimates that a single targeted whaling attack can release upwards of $150,000 in funds to a cybercriminal, making this an extremely lucrative pastime for these malicious actors.
Coaching your CEO to stay out of the way of cybercriminals starts with an ongoing dose of education. Attackers tend to follow a pattern that is relatively easy to isolate as long as you’re actively looking for this type of interaction. An email from a vendor that has already invoiced you for the month, or one requesting a payment method that the vendor has not used in the past (such as a direct funds transfer), should be a big red flag for your senior executives. Be cautious of emails that appear to come from trusted individuals but use a slightly different email address, e.g. “@Micros0ft.com” instead of “@Microsoft.com”, as hackers are now spoofing entire mail domains in an attempt to release funds and data from your organization. Funds aren’t the only things that are requested by these organizations — personal information such as tax records also commands a high rate on the dark web. This quick flowchart from KnowBe4.com may be a helpful graphic to share with your executive team.
Protecting your organization from the tactics of cybercriminals is not a one-time problem or solution, but requires an ongoing and dedicated effort to foil the efforts of these actors. Keeping your finance teams and senior executives safe can save your organization hundreds of thousands of dollars in remediation and notification costs, not to mention the frustration and difficulties associated with handling a significant breach.