One of our clients fell victim to the CEO scam and lost thousands of dollars. I would like you to avoid becoming the next victim.
What it is: The CEO scam is a social engineering attack. The scammers look for public information to tell them the name and email address of the CEO of the company. Often they will email the CEO with the hopes of getting a reply that contains an email signature. They will then call the office and ask who handles banking for the company. These are not unusual questions. Sales people making cold calls asking similar questions everyday. Next the scammer registers a domain name that looks like your domain name. Then they send an email to the person that handles banking for your company, from the CEO, asking that a large sum of money be transferred immediately. The email is of course not from the CEO it is from the scammers.
Now you may be thinking that this couldn’t happen to you. Wouldn’t you recognize that the CEO emailed you from a different domain name? Let’s find out. Here are examples using harbor’s domain.
Which one of the above is my correct email address? If you said the 3rd one from the top then you were correct. Now image these email addresses being in the TO section of an email that has the email signature I normally use. Would you notice? Probably not. This is how the scammers are able to make money.
No only did one of our clients fall victim to this scam but several IT friends of mine also had clients hit this week. It’s happening everywhere.
What should you do? You should immediately adopt a new policy. It can be anything that makes sense for you and can’t be spoofed. Our suggestion is that if a funds transfer is requested via email that the CEO should follow it with a text message that includes your safe word. This is a type of two-factor authentication.
Training, Training, Training As computer systems have become more secure attackers are resorting to social engineering, phishing and spear phishing attacks. The ONLY defense to these types of attacks is an educated user. It is important that your staff be educated on how to avoid and how to identify these types of attacks.
Training is so important that we have purchased a license of a training program for each of our clients. If you haven’t used yours yet, please ask us for it. We are also available to come in to lead a training session. So much has changed in recent years that training is absolutely necessary. Please schedule some training with us. It will not only protect you from the CEO scam but also from Ransomware and other attacks like it that require you to open something, click something or do something. We can teach your staff how to recognize these things and keep your business safe.
– Amy. President, Harbor Computer Services
p.s. Did you know that you’re probably the only person in your office that is getting our blog posts? Forwarded it on or have us sign them up for our list
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. We’re the smallest firm to have ever won this most prestigious award. Most recently we were recognized as one of the top 20 visionaries in small business IT by ChannelPro Magazine (2015). And in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We are Concerned About The Success of Your Business