CEO Scam Email

September 23rd, 2015
CEO Scam Email

AGJ Systems and Networking
We first discussed this scam email threat a few months ago, but a recent increase in sightings on the Gulf Coast warrants a second mention...

The FBI recently announced that there is a 270% spike in damages caused by the CEO email scam. This is a scam in which cyber criminals spoof emails from executives and ask employees to send wire transfers.

Between October 2013 and August 2015, almost $750 million was lost due to CEO scams, and there have been more than 7,000 companies in the U.S. that have fallen victim to this scam (

The key point is that stats show that between 2013 and 2014, less than 2,000 companies were affected and only $179 million had been lost due to this scam. That means that the majority of the damage has happened recently.

With this scam, the attacker usually begins with phishing an executive, installing a Trojan, and gaining access to that individual's inbox. Then they research the organization and wait until the right time, such as the executive going out of town. They then spoof the CEO's email address and send messages to employees asking them to perform a wire transfer.

This scam is also filtering down to the consumer level. People that are in the process of buying a house and need to transfer a sizable down payment are receiving an email from their lawyer or realtor to transfer that down payment to a certain bank account. When they call the next day to check if the money has arrived, the lawyer tells them they did not send any transfer requests, but the money has disappeared in the meantime. The same scam is done with spoofed emails from financial brokers.

What you can do about it:

Alert all executives and employees. Awareness is the best line of defense. Part of the awareness comes from employees who are being asked to make the wire transfer. They should always talk to the person seemingly making the request to get positive authorization before performing any financial transactions.

Other awareness comes from executives and employees who are getting socially engineered in such a way that the attacker is able to get access to sensitive company information. So for that, keep an eye open for the warning signs. Here are a few:

  • Any email asking you to supply private company information.
  • Look for slightly misspelled email addresses. Instead, it might be YourBoss@Company.comAt first glance, this makes it look like it's coming from a legitimate email address, but upon closer inspection, you see that it's actually different.
  • If it just "feels" unusual.
  • Includes an attachment you weren't expecting.
  • It was sent to multiple, random people in your company.
  • It says the sender is trying to send you something (money, a shipment, a document) but needs additional information from you in order to complete the transaction.
  • A hyperlink that says one thing, but when you hover over it, it shows a different URL.

None of those items by themselves mean that the email is absolutely an attempt at social engineering, but they are a precursor for the most common attempts. So be careful and verify.

And always be on the safe side; if you're not sure about something, you can always give us a call and we'll be happy to help.