CEO Fraud Protection
Phish Protection Technology Protects Against CEO Fraud
CEO fraud exploits a particular human weakness
CEO fraud is a scam in which attackers spoof the email account of a CEO or other high-level executive to deceive employees into providing information or making money transfers. These attacks are surprisingly hard to prevent because an email from the CEO has a powerful effect on employees, who want to comply.
This phenomenon is called “authority bias”: people give greater weight to requests from authority figures regardless of the content of the request. The bias has a disarming effect on employees’ judgment and critical thinking.
CEO fraud has a high degree of success
The results of a CEO fraud test conducted on numerous companies found that 90% of the attempts succeeded, compared to only 30% for ordinary phishing attacks. Additionally, the FBI said that about 25% of U.S. victims respond to CEO fraud by wiring money to the fraudsters.
What makes CEO fraud even worse is that it’s rarely reported because of the damage such news can do to an organization. It’s estimated that the FBI is only aware of 20% of the total, so the actual number could be five times greater than that reported.
There are three types of CEO fraud emails
CEO fraud emails tend to fall into one of three main categories:
- “I’m unavailable”: The attacker, impersonating the CEO, requests an urgent transaction from an employee and mentions that they are unavailable.
- Direct billing: The attacker, impersonating the CEO, supplies the details required for a money transfer to the unsuspecting employee and requests that it be done immediately.
- Emails with malware: The attacker, impersonating the CEO, sends an email with an attachment that appears to be an invoice but is actually malware.
Take a holistic approach to CEO fraud prevention
Comprehensive CEO fraud protection requires a holistic approach which incorporates employee education, strict payment policies and advanced anti-phishing technology. While the first two are important, they still rely on the weakest link in the security chain: people.
The best way to prevent CEO fraud from happening at your company is to make sure the fraudulent emails never reach the unsuspecting employees. The only way to do that is with technology.
How technology can protect your company from CEO fraud
The technology that stops spoofed emails from reaching their intended victims is DMARC (Domain-based Message Authentication, Reporting & Conformance). It’s part of our layered defense, which includes malware protection, virus protection, domain impersonation protection, and Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) validation; DMARC builds on the SPF and DKIM results to decide how mail that fails authentication for your domain should be handled.
Combined with good training, these form the best last line of defense. If your company isn’t using advanced threat defense together with DMARC, SPF and DKIM, you’re not taking full advantage of the available technology to protect your organization from CEO fraud.
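To make the mechanism concrete, here is an added example (not Phish Protection’s code) that models the DMARC check a receiving mail server performs: it reads the domain owner’s DMARC record, asks whether the SPF or DKIM result aligns with the visible From domain, and otherwise applies the owner’s policy. The domain names, record and messages are constructed for illustration.

```python
# Simplified DMARC evaluation: a message claiming "From: ceo@example.com" passes
# only if an aligned SPF or DKIM result backs that claim; otherwise the domain
# owner's published policy (none / quarantine / reject) decides its fate.
# All domains, records and results below are constructed sample data.

DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

# Authentication results as a receiver has them after its SPF and DKIM checks.
LEGIT_MSG = {"from_domain": "example.com", "mail_from_domain": "mail.example.com",
             "spf_result": "pass", "dkim_result": "pass", "dkim_d": "example.com"}
# Spoof: SPF passes for the attacker's own envelope domain, but nothing aligns
# with example.com and the message carries no example.com DKIM signature.
SPOOFED_MSG = {"from_domain": "example.com", "mail_from_domain": "attacker.example",
               "spf_result": "pass", "dkim_result": "none", "dkim_d": ""}


def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    # Simplified organizational domain: last two labels. A real receiver uses
    # the Public Suffix List so that names like "example.co.uk" are handled.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts subdomains."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(msg, dmarc_txt):
    """Return 'pass', or the owner's policy (none/quarantine/reject) on failure."""
    tags = parse_dmarc(dmarc_txt)
    from_domain = msg["from_domain"]
    spf_ok = msg["spf_result"] == "pass" and aligned(
        msg["mail_from_domain"], from_domain, tags.get("aspf", "r"))
    dkim_ok = msg["dkim_result"] == "pass" and aligned(
        msg["dkim_d"], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")  # "none" means deliver but report; "reject" blocks it
```

Note that DMARC only governs mail that claims to come from your own domain: a lookalike domain the attacker registers passes its own SPF and DKIM, which is why the separate domain impersonation protection layer still matters.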
Enterprise-class email protection without the enterprise price
For one low monthly price and no per-user fees, Phish Protection’s integrated email security solution protects your employees from CEO fraud and many other attacks. Our complete email protection service includes SPF + DKIM + DMARC, works 24x7, and covers any device.
Phish Protection also comes with features you’d expect in more expensive solutions:
All Plans Come With
- Stops CEO fraud
- Stops threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real-time alerts to users and administrators
- Checks 6 URL reputation databases
- Protection with settings you control
- Protection against zero-day vulnerabilities
- Complete situational awareness from a single web-based console