Email fraud – how much of a risk is it posing to businesses?

Since 2003, the FBI has published numerous press releases every year warning of increasingly sophisticated email fraud targeting high-end firms.  By sending emails that spoof executives working at a firm, hackers are able to convince the firm to send unauthorized international and national wire transfers involving large amounts of money.  In fact, the FBI reports email fraud affected over 7,000 companies and cost these firms $750 billion between 2013 and 2015.

What is CEO Fraud?

Also referred to as business email compromise scams (BEC scams), CEO fraud begins with attackers phishing managers to gain access to their inboxes.  They may also phish employees from a domain that appears to belong to a company executive.  For example, a CEO email hacker might take a firm’s true domain URL –– and insert a negligible letter or number that would be easily overlooked, such as


CEO phishing or spoofed emails usually won’t trigger spam catchers because these emails are targeted rather than mass-mailed.  A seasoned CEO email hacker has also spent time learning all about their victim organization’s interests, activities, purchasing strategies and business relationships, which makes email spoofs just that much more authentic to spam catchers.
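The lookalike-domain trick described above (a letter or number slipped into the firm's real domain) is something a mail gateway can check for directly. The following Python is an added example, not part of the original article; the domain `example-corp.com`, the confusable-character map and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the organization's real sending domain(s).
PROTECTED = {"example-corp.com"}
# Digits commonly substituted for similar-looking letters (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_sender(from_header: str, protected=PROTECTED, max_distance: int = 2) -> str:
    """Return 'internal', 'lookalike:<real domain>' or 'external' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in protected:
        return "internal"
    folded = domain.translate(CONFUSABLES)
    for real in protected:
        # Near miss: same name after undoing digit swaps, or within a couple of edits.
        if folded == real.translate(CONFUSABLES) or edit_distance(domain, real) <= max_distance:
            return f"lookalike:{real}"
    return "external"

SAMPLES = [  # constructed From headers
    "Chief Executive <ceo@example-corp.com>",
    "Chief Executive <ceo@examp1e-corp.com>",   # digit swapped for a letter
    "Chief Executive <ceo@example-corps.com>",  # one letter inserted
    "Newsletter <news@unrelated.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):28} {header}")
```

An `internal` verdict here only means the header's domain matches; forged mail using the exact domain is a separate problem handled by SPF, DKIM and DMARC.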

Information needed to implement a successful email scam is gathered by phishers when they “scrape” the email addresses of firm employees as well as pertinent details from the firm’s website.  In the case of a CEO email hack incident, cybercriminals will ransack a victim’s emails to find certain words or phrases that indicate whether the firm regularly engages in wire transfers.

The Scoular Company Email Fraud Case

A classic example of a CEO email hack occurrence cost a commodities trader firm called the Scoular Company over $17 million in 2015.

Upon receiving emails he thought were from the firm’s chief executive Chuck Elsea, corporate controller Keith McMurtry wired huge sums of money to the Shanghai Pudong Development Bank, an actual bank in China.  The first time he sent seven million, the second time he wired nine million and the third time he wired $780,000.


McMurtry did not think the emails were suspicious because he thought they came from Elsea, who he knew was considering branching out the business in China.  Moreover, the emails explained that these fund transfers were necessary to implement the secret acquisition of a Chinese business.

Another email told McMurtry to contact an auditing firm employee for additional details regarding where to send the money.  Shortly thereafter, McMurtry received an email appearing to come from the auditing firm instructing him to wire the money to the Chinese bank.

When Elsea and McMurtry realized they had been the victims of a CEO email hack, they contacted the FBI, who found out the email addresses originated in various overseas countries, including France, Israel and Russia.

Thus far, Scoular’s funds have not been recovered.

Preventing Email Fraud with Email Encryption Tools

CEO email hacks are more accomplished and versatile at avoiding traditional security strategies compared to schemes supported by intricately devised malicious software such as the GameOver Zeus botnet.

Consequently, firms and even individual consumers need to use security measures that do more than detect malware and viruses.  As an email encryption tool that instantly integrates on top of your existing email system, Jumble provides uniquely powerful data security.  Without requiring any capital outlay, Jumble can be instantly scaled up or down depending on your organizational or individual needs.

Visit Jumble today to learn more about how Jumble can protect you from email scams.  You can also register with Jumble while visiting our website to receive your first month of Jumble free of charge.
