Skip to main content
close search
site logo
Dive Brief

Fake CEO emails dupe companies out of billions

Published July 31, 2017
By
Valerie Bolden-Barrett Contributor
Wikimedia Commons

First published on

HR Dive

Dive Brief:

  • Employees are still falling for fake emails that are supposedly from their CEOs, reports MLive Media Group. This relatively new form of phishing makes emails look as though they’re from C-suite members and ask employees to wire money to designated recipients.
  • Unsuspecting employees regularly interact with the type of recipients in the emails, often foreign suppliers from China, so they have no reason to think they’ve been scammed. Hackers get paid if the scam succeeds, and the money is seldom recovered.
  • CEO fraud attacks cost organizations $5.3 billion in the past three years, according to Cisco’s Midyear Cybersecurity Report (MCR) and the Trivalent Group, a Michigan-based tech firm. The damage not only keeps employees from doing their normal tasks, but it also can require organizations to rebuild their internet security systems and replace computers and digital accounts.

Dive Insight:

The report points out the fast evolution and growing destructive capability of today’s cyber attacks. In the first six months of the year, attackers changed the way they delivered and hid their malware, making it more difficult to detect.

Cisco recommends that employers educate workers about malware so they’re less likely to fall for CEO fraud, update software patches in their systems and collect and analyze data to track the attacks’ sources. HR should step in to direct the training and use a checklist of procedures to follow for creating a cybersecurity policy.

HR departments also are targets for attacks because of the amount of personal employee data they maintain. HR must be especially protective of W-2 forms and tax information, a lucrative target for hackers. HR also must warn employees about keeping their passwords safe.

The report underscores the importance of reducing the time between an attack and its detection to prevent more extensive damage. Employers’ cybersecurity systems must be able to detect and respond quickly to an attack.

An unexpected highlight of the 90-page MCR was how much more lucrative the CEO fraud attack, known to the FBI as business email compromise (BEC), was than ransomware, like the WannaCry attack earlier this year. While still costly for employers, ransomware amounted to only $1 billion in the past three years.

Finally, cybersecurity insurance coverage is limited. If employers don’t patch security breaches in their systems and employees fall for phishing schemes, most insurers won’t cover their losses.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
A10 Networks Outlines Blueprint to Secure and Deliver AI Applications and Help Increase Cyber …
From A10 Networks
October 16, 2024
Cosentino Drives Business Transformation with AI Powered by Celonis Process Intelligence
From Celonis
October 23, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell