The bad guys are moving fast with this one, and I’m warning as many people as I can. It’s CEO fraud. What is it, you ask? Simply put, the bad guys are using social media to target a specific group: CEOs. The CEOs being targeted are primarily in the United States, and this is how they do it. They prospect. Just like you do in your marketing and sales process, these guys actively hunt the Internet looking for CEOs to target. The reality is that as a CEO, you can’t hide. It’s not smart from a business standpoint, and if you think about all the places you have to register, simply removing yourself from your Web site or LinkedIn will make it a little harder, but not impossible, to find you and target you.
Their tactics are nothing new, nothing you haven’t heard before: trying to get you or an employee to click on malicious code, with the ultimate goal of hijacking your data and/or bank account. They prefer the latter, but sometimes it’s just easier to extort you for your data than to try to steal your banking information. More importantly, the tactics and automation the bad guys now have in place are making their jobs much easier. I’ve always preached that organized cyber criminals constantly monitor how the general business population protects itself and how it reacts to certain threats, so they can develop well-thought-out plans and processes to defeat them and execute their destruction. It’s no different here. The bad guys know most companies provide some kind of training about what to click on and what not to click on. However, they are now monitoring a vast array of social media accounts to see when people change employers. When a social media user changes their profile to your company or a company on the target list, that user immediately becomes a target. The criminals prey on your new employee, hoping to “get” them before they receive their awareness training. What new employee wouldn’t be eager to see what the CEO just e-mailed them?
So what can you do to protect yourself from this type of CEO Fraud?
- Deliver awareness training to your employees early in the orientation process, preferably before they are allowed to log on to a computer on your network.
- Find out if hackers can spoof an e-mail address on your own domain and successfully deliver it to your employees’ inboxes.
The bad guys will first attempt to see if they can spoof the email account of the CEO. If they can do that, making you a victim of “CEO Fraud” is pretty simple for these criminals.
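One way to start the spoofing check from the second item, as an added example that is not from the original post: it assumes the check is done by reading your domain's published SPF and DMARC TXT records (mechanisms the post does not name). The function names, verdict labels and sample records are constructed for illustration.

```python
def parse_tags(record):
    """Split a DMARC 'k=v; k=v' TXT record into a dict of lowercase tags."""
    tags = {}
    for part in (record or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def spf_all_qualifier(spf):
    """Return the qualifier on SPF's 'all' mechanism, or None if there is none."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return None
    for term in spf.lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None

def assess(spf, dmarc):
    """Classify how receivers are told to treat mail that fakes this domain."""
    findings = []
    qualifier = spf_all_qualifier(spf)
    if qualifier is None:
        findings.append("no SPF record with an 'all' policy")
    elif qualifier in "+?":
        findings.append("SPF 'all' is pass/neutral: unauthorized senders are not failed")
    tags = parse_tags(dmarc)
    policy = tags.get("p") if tags.get("v") == "dmarc1" else None
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC missing or p=none: failing mail is still delivered")
        verdict = "spoofable"
    elif policy == "reject" and pct == 100:
        verdict = "enforced"
    else:
        findings.append("DMARC quarantine or pct<100: failing mail is not always rejected")
        verdict = "partial"
    return {"verdict": verdict, "findings": findings}

# Constructed sample records (not from any real domain), in the form returned
# by a TXT lookup of the domain and of _dmarc.<domain>.
SAMPLES = {
    "monitor-only": ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none"),
    "locked-down": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject"),
}

if __name__ == "__main__":
    for name, (spf, dmarc) in SAMPLES.items():
        print(name, assess(spf, dmarc))
```

An "enforced" verdict only covers mail that uses your exact domain in the From address, at receivers that honor DMARC; it says nothing about look-alike domains.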