A windfall with minimal effort
The CEO scam involves fraudsters convincing someone to make a large transfer urgently. They do this by posing as a legitimate person (often the CEO) who demands this type of transaction.
These cyberattacks, also known asfake international transfer orders (FOVI) or CEO fraud, are classified as social engineering attacks. They target a very specific category of employees: those in positions where they have control over and access to the organization's finances. And they do so without having to go through a third party for any kind of validation. The victim, unaware of anything suspicious, allows the cyberstalker to quickly carry out their misdeed.
This request, which is always made by a supposed superior, plays on emotions and a lack of discernment. The cybercriminal attempts to psychologically manipulate the recipient in order to achieve their goals. The email usually mentions a sense of urgency. The user therefore does not take the time to ask the right questions, think things through, or forward the email to a colleague. FOVI is often requested on the eve of an important event for your organization, when your superior is absent and you are solely responsible.
A well-established fraud
These attacks are therefore always premeditated. With sufficient information about your organization and you, cybercriminals know who to target and who to attack.
A statement from the national police indicates that in five years, there have been "2,300 complaints filed, even though many companies do not dare to report incidents for fear of bad publicity."
How can you protect yourself from the President scam?
It is therefore essential for your organization and for yourself to follow certain rules of good conduct:
- Train users about the risks of the internet;
- Include in the IT policy the best practices to adopt at your workstation;
- Call the alleged sender of the email you received to ask them to confirm its origin.
- Raise awareness among financial services in particular to protect themselves against this type of attack;
- Secure payment procedures;
- Strengthen communication systems between employees;
- Establish rules with the bank so that it can refuse a transfer;
- Prepare employees to work in urgent and stressful situations so that they continue to exercise critical thinking in all circumstances.
