Anatomy of a CEO Scam

We talk about security a lot on this site, and there’s a good reason for it. The bad guys are out there and they want your information and your money!

What is a CEO Scam?

A CEO scam is an attack that attempts to disguise a phishing email as legitimately coming from the CEO or high official in your company. These attacks are very clever and prey on your workers by relying on a sense of urgency to accomplish the goal.

What is the Goal?

To get your money. The scammer in a CEO scam is looking for a vulnerability or naivety within your ranks. They will exploit that vulnerability however they can. It is most common that they might present themselves as a CEO of your company to whomever they’ve found to be vulnerable and request an amount of money be sent somewhere…. Straight into the scammer’s pocket.

Here’s How It Works

First, the scammer looks for any public information on your company. Your website is the first place to look. Is the CEO or President named? Are your other employees named? Is there an email address?

Once the scammer has a good portion of information, they might get a little personal and even daring. It’s not uncommon to get a phone call asking who handles the banking in your company. The scammer makes that phone call and boom, there’s your accounting contact. Sometimes, they might email the CEO of your company directly, hoping for a reply. Any reply. Why? Then they have your CEO’s email signature.

Now that the scammer has loads of information on your company, they will create a domain that looks extremely similar to yours. One character can make a big difference. Ask any coder, ONE Character can be hiding within a piece of code that will keep the entire program from running. Let’s look at a couple of different domains…

Notice the difference in the first example? The O in Pottery has been replaced with a Zero. In the second one, the M has been placed with the letters RN, which happens to look a little like a small case M.

*A word of caution: scammers have even better ways to mimic a domain name that look 100% legitimate. So don’t rely on this method alone.

Your scammer is now fully familiar with your company and ready to go phishing.

Here’s what it could look like:

Most commonly, Your vulnerable worker will receive an email. This email will look like it is coming from the CEO or other high ranking person in the company. It has their name, their signature, and the email address (at first glance) looks correct. This email will look legitimate. It will also most likely be short and uses language the gives a sense of urgency. Your vulnerable worker will read this email that says something like “Please deposit $25,000 in (Specified account) ASAP.”

This looks scary to your vulnerable person. They don’t want to disappoint the CEO. They don’t want to mess up. So, they do as requested and deposit the money.

That’s it. Done. Good luck getting that money back.

Next Gen of Scammers

Unfortunately, scammers have become more sophisticated as technology becomes available. They’ve learned adaptability. As soon as a scam is discovered and ways to spot it become widely known, the scammers have moved on to more advanced methods.

Though it’s still used, many scammers have moved into more progressive methods of mimicking a domain. These methods are far trickier than just looking closely at the domain because you may not be able to spot a difference.

So what do we do in that case? We continue with TRAINING, TRAINING, AND MORE TRAINING!!

How do you Prevent it?

Though you cannot prevent a scammer from attempting to prey on your company, you CAN train your workforce to know the signs of a scam!!

TRAINING, TRAINING, AND MORE TRAINING!!! Teaching your workforce to spot a scam before it happens is the most effective way to prevent this type of scam from working.

Secondly, we recommend a policy and workflow that accounts for this type of scam. It should be made policy that deposit requests don’t come via email. You can create a form using Power Automate or on paper or You could put a chain of command approval process in place. At the very least, such a request should be verified by the originator. In other words, pick up the phone and ask “Did you send this request to me?”

Though we work hard for you and bring you the best possible security features and settings possible, it will never be enough. As your IT provider, we cannot prevent scams 100%. But, we do provide sound advice and offer training! Our security training sessions can be catered to your company’s specific needs and situation. Don’t hesitate to call us to discuss your options. A few dollars spent on training can prevent a few thousands or more lost to a scam!!

About Harbor Computer Services

Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. Most recently we were recognized as one of the top MSP’s in the nation by ChannelFutures coming in at #40 nationwide. And in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We care about your business

Leave a comment

Your email address will not be published. Required fields are marked *