CEO fraud was probably one of the most devious forms of cyber crime. Above that, it is the highest form of social engineering.
Do you know that feeling when you get to a project and you’re thinking: how in the hell could this have happened?
Recently happened to me in the form that I was called, and sitting in a helicopter being airlifted to a midsized organization in which The most complex case of the CEO Friday I’ve seen today it had happened.
In short: the perpetrators head injected malware into the email server of the organization, thereby being able to monitor both the CEOs and the CFO$ mailboxes permanently.
The CEO was about to contact to deal with an organization in London, and all of his itinerary was in his mailbox; even The telephone number of his hotel.
Long before this happened, the perpetrators had hired someone with a similar voice to that of the CEO, and above that spoke his native language. The CEO used Voice Memos frequently, which allowed the perpetrators to also copy a style of speaking.
The CEO arrived in London, and the deal did not come to fruition. However, the perpetrators called the CFO and the organization, and the impersonator they had hired claimed that the deal had in fact been signed.
The impersonator then gave the CFO the bank details upon which DCF I will execute the transfer of €25 million.
Upon the CEOs returned to the organization into the office A day later to see if I congratulated him to the deal closure.
The CEO then replied that the deal had not been closed, and the things started to unravel
The damage turned out mildly, and we put the necessary precautions and methodology is in place so that the kids like that can never repeat again; at least not with this organization.