Protecting your organisation from CEO fraud

One of the most costly cyber threats/risks is CEO fraud. 

The attackers impersonate a senior representative of the company by email mostly. 

With a shady excuse they will get in touch with a resource in the company with access to the financial department. 

Under false pretexts they will – from their apparently authoritarian position – ask the employee to issue a payment, pretending the project they need to payment issued for is hush-hush. 

Not to anger their boss, the victim will then issue the payment, and the money is gone. 

That’s it in short… there are dozens of known approaches to executing a CEO fraud with often dire consequences for the company, some of them even have to shut down because they can’t deal with such a financial impact. 

You’re probably going to ask me whether and how such Incidents can be avoided… well, they can’t entirely. 

One of the most important countermeasures is training, training, training of employees. And once you’ve trained them, train them again – just to make sure they have enough training and understand the impact of social engineering on a company. 

That being said… there are software measures than can be taken also. You will have to contact your bank though to look into details of two factor authentication on a per transfer basis… for more complex environments there is a two man rule for wires to be executed on behalf of the company. Wires can also be backlogged and executed by the CFO upon review and approval. The possibilities of reducing this risk are out there; and they are many.

If you need help feel free to give me a call. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.