CEO fraud exploits a particular human weakness

CEO fraud is a scam in which attackers spoof the email account of a CEO or other high-level executive to deceive employees into disclosing information or making money transfers. These attacks are surprisingly difficult to prevent without solid email phishing prevention, because an email that appears to come from the CEO has a powerful effect on employees who want to comply.

This phenomenon is called “authority bias”: people give greater weight to requests from authority figures regardless of the content of the request. The bias has a disarming effect on employees’ judgment and critical thinking.

CEO fraud has a high degree of success

A CEO fraud test conducted across numerous companies found that 90% of the attempts succeeded, compared with only 30% for ordinary phishing attacks. Additionally, the FBI reports that about 25% of U.S. victims respond to CEO fraud by wiring money to the fraudsters.

What makes CEO fraud even worse is that it’s rarely reported, because of the damage such news can do to an organization. It’s estimated that the FBI is aware of only 20% of cases, so the actual number could be five times the reported figure.

There are three types of CEO fraud emails

CEO fraud emails tend to fall into one of three main categories:

  1. “I’m unavailable” – The attacker, impersonating the CEO, requests an urgent transaction from an employee and says they are unavailable, discouraging any attempt to confirm the request by phone or in person.
  2. Direct billing – The attacker, impersonating the CEO, supplies the account details required for a money transfer to the unsuspecting employee and requests that it be done immediately.
  3. Emails with malware – The attacker, impersonating the CEO, sends an email with an attachment that appears to be an invoice but is actually malware.

Take a holistic approach to CEO fraud prevention

Comprehensive CEO fraud protection requires a holistic approach that incorporates employee education, strict payment policies and advanced anti-phishing software. While the first two are important, they still rely on the weakest link in the security chain: people.

The most effective way to prevent CEO fraud at your company is to make sure the fraudulent emails never reach employees’ inboxes in the first place. That requires anti-phishing technology that also includes spear phishing protection.

How technology can protect your company from CEO fraud

The core technology for stopping emails that forge your own domain is DMARC (Domain-based Message Authentication, Reporting & Conformance). DMARC builds on Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM): the receiving server checks that the domain in the visible From: header aligns with the domain that SPF or DKIM authenticated, and the domain owner’s published DMARC policy tells it whether to deliver, quarantine or reject messages that fail. DMARC alone does not catch lookalike domains or display-name-only spoofing, which is why it is one layer of our layered defense, alongside phishing and malware protection, virus protection, domain impersonation protection, and SPF and DKIM validation.

Combined with good training, these layers are the best last line of defense. If your company isn’t using advanced threat defense and DMARC with SPF and DKIM, you’re not taking full advantage of the technology available to protect your organization from CEO fraud.
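To make the DMARC mechanism described above concrete, here is an added example (not PhishProtection’s code) of the check a receiving mail server performs: it parses a DMARC record, tests whether the From: header domain aligns with the SPF- or DKIM-authenticated domain, applies the published policy, and rates a record for weak settings such as p=none. The DMARC records, the domains (example.com, bounce.example.com, attacker-mail.net) and the SPF/DKIM results are constructed for the example; a real receiver obtains the record by a DNS TXT lookup of _dmarc.&lt;from-domain&gt; and uses the Public Suffix List to find the organizational domain, which this example approximates with the last two labels.

```python
"""Added example: DMARC alignment check and policy evaluation.

All records, domains and authentication results below are constructed
for illustration; nothing here is looked up over the network.
"""
from dataclasses import dataclass


def parse_tag_value(record: str) -> dict:
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject; adkim=s"."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain: str) -> str:
    """Approximate the organizational domain with the last two labels.

    Assumption: real implementations consult the Public Suffix List so
    that e.g. example.co.uk is handled correctly; the two-label rule is
    enough for the constructed domains used here.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ("s") alignment needs an exact match; relaxed ("r") only
    needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    spf_result: str    # "pass", "fail" or "none"
    spf_domain: str    # envelope MAIL FROM domain that SPF checked
    dkim_result: str   # "pass", "fail" or "none"
    dkim_domain: str   # d= tag of the verified DKIM signature


def dmarc_evaluate(from_header_domain: str, dmarc_record: str,
                   auth: AuthResults) -> tuple:
    """Return (passed, action) for a message, following the DMARC rule:
    pass if SPF or DKIM passed AND its domain aligns with the From: domain.
    A spoofer can make SPF and DKIM pass for their own domain, but that
    domain will not align with the victim's From: domain."""
    tags = parse_tag_value(dmarc_record)
    spf_ok = (auth.spf_result == "pass" and
              aligned(from_header_domain, auth.spf_domain, tags.get("aspf", "r")))
    dkim_ok = (auth.dkim_result == "pass" and
               aligned(from_header_domain, auth.dkim_domain, tags.get("adkim", "r")))
    passed = spf_ok or dkim_ok
    if passed:
        return True, "deliver"
    actions = {"none": "deliver (monitor only)",
               "quarantine": "quarantine", "reject": "reject"}
    return False, actions.get(tags.get("p", "none"), "deliver (monitor only)")


def policy_gaps(dmarc_record: str) -> list:
    """List settings that leave a domain spoofable despite having DMARC."""
    tags = parse_tag_value(dmarc_record)
    gaps = []
    if tags.get("v") != "DMARC1":
        gaps.append("missing or wrong v=DMARC1 tag")
    policy = tags.get("p", "none")
    if policy == "none":
        gaps.append("p=none: failures are only reported, never blocked")
    elif policy == "quarantine":
        gaps.append("p=quarantine: spoofed mail is diverted to spam, not rejected")
    if tags.get("sp", policy) == "none" and policy != "none":
        gaps.append("sp=none: subdomains can still be spoofed")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        gaps.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        gaps.append("no rua: no aggregate reports, so spoofing attempts stay invisible")
    return gaps


# Constructed records: the weak setting many domains start with, and a
# hardened one. Both are illustrative, not anyone's live DNS.
WEAK_RECORD = "v=DMARC1; p=none"
STRONG_RECORD = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                 "rua=mailto:dmarc-reports@example.com")

# Constructed spoof: attacker's own server, so SPF and DKIM both "pass"
# for attacker-mail.net while the From: header claims ceo@example.com.
SPOOFED = AuthResults("pass", "attacker-mail.net", "pass", "attacker-mail.net")
# Constructed legitimate mail: bounces go via a subdomain, DKIM d=example.com.
LEGITIMATE = AuthResults("pass", "bounce.example.com", "pass", "example.com")

if __name__ == "__main__":
    for name, record in (("weak", WEAK_RECORD), ("strong", STRONG_RECORD)):
        print(name, "spoof ->", dmarc_evaluate("example.com", record, SPOOFED))
        print(name, "legit ->", dmarc_evaluate("example.com", record, LEGITIMATE))
        print(name, "gaps  ->", policy_gaps(record))
```

Running it shows the point of the section: with the weak record the spoofed message fails DMARC but is still delivered, because p=none only reports; with the strong record the same message is rejected, while the legitimate message still passes through the strictly aligned DKIM signature even though its bounce subdomain would fail strict SPF alignment. That last detail is the caveat to check before moving to aspf=s: every legitimate sending path must have at least one aligned authenticator, or your own mail gets rejected along with the fraud.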

Enterprise-class email protection without the enterprise price

With flexible per-user pricing, PhishProtection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats, 24×7, on any device, with features you’d expect in more expensive solutions:

All Plans Come With

  • Stops business email compromise (BEC)
  • Stops brand forgery emails
  • Stops threatening emails before they reach the inbox
  • Continuous link checking
  • Real-time website scanning
  • Real-time alerts to users and administrators
  • Protection with settings you control
  • Protection against zero day vulnerabilities
  • Complete situational awareness from web-based console