What Is Business Email Compromise? Lessons in Reducing CEO Fraud

Dec. 28, 2017 | by BioCatch

A CFO at a cybersecurity startup receives an urgent email from his CEO, who happened to be on a business trip at the time. “David, we need to transfer $40,000 to X this morning to lock in a discount price from this supplier. The bank details are below. I will be in a meeting so please confirm with me by email it was done. Thank you.” The CEO returns to the office later that day and the CFO proudly tells him that the transaction has been completed.

“What are you talking about?” says the CEO. “I never asked you to transfer any funds!”

This scenario is an example of business email compromise, or CEO fraud, one of the most dangerous types of fraud hitting companies today. Since 2015, losses related to business email compromise have increased by 1,300%. That equates to more than $3 billion lost per year.

Clearly, this type of fraud is a significant problem.

Business email compromise is a sophisticated form of cyberattack in which fraudsters spoof the email accounts of top executives to deceive finance departments into making unauthorized payments. Because the emails appear to come from people in authority, recipients are less likely to question the request, even when it is highly unusual.

There are several ways to address this rampant cyber threat, including:

  1. Educate employees about CEO fraud and social engineering attacks
  2. Develop rigid payment authorization processes with financial personnel
  3. Incorporate dynamic authentication protocols for email accounts
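As an added illustration of items 2 and 3 (not code from the BioCatch post), the Python below scores a constructed copy of the "CEO on a business trip" message for the impersonation signals a mail gateway or finance team can check, and models a payment-authorization rule that holds an email-originated wire until the request is confirmed over a channel other than email. The corporate domain, executive directory and keyword lists are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the display name matches the real
# CEO, but the address uses a lookalike domain and replies go elsewhere.
SAMPLE_EMAIL = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: ceo.travel@mail.example
To: David <cfo@example-corp.com>
Subject: Urgent wire this morning

David, we need to transfer $40,000 to X this morning to lock in a discount
price from this supplier. I will be in a meeting so please confirm with me
by email it was done.
"""

CORPORATE_DOMAIN = "example-corp.com"                      # assumed real domain
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}     # assumed directory
PAYMENT_WORDS = re.compile(r"\b(transfer|wire|payment|bank details)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(urgent|this morning|today|asap|immediately)\b", re.I)

def bec_signals(raw: str) -> list[str]:
    """Return the CEO-fraud indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # 1. Display name claims an executive, but the address is not theirs.
    name = display.strip().lower()
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name]:
        signals.append("display-name impersonation")
    # 2. Sender domain is not the corporate domain (lookalike or free-mail).
    if addr.split("@")[-1].lower() != CORPORATE_DOMAIN:
        signals.append("external sender domain")
    # 3. Replies are redirected away from the From address.
    if reply_to and reply_to.lower() != addr.lower():
        signals.append("reply-to mismatch")
    # 4. The message asks for money and applies time pressure.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    if PAYMENT_WORDS.search(text) and URGENCY_WORDS.search(text):
        signals.append("urgent payment request")
    return signals

def release_payment(signals: list[str], verified_out_of_band: bool) -> bool:
    """Authorization rule: a flagged email request is released only after the
    requester is confirmed by phone (known number) or in person, never by email."""
    return not signals or verified_out_of_band

if __name__ == "__main__":
    found = bec_signals(SAMPLE_EMAIL)
    print("indicators:", found)
    print("release without callback:", release_payment(found, False))
```

The sample message trips all four checks, so the wire stays on hold until the CFO reaches the CEO outside the email thread; a clean message from the real address and domain trips none.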

To learn more about the risks of business email compromise and how to protect your company, take a look at this article by BioCatch’s Frances Zelazny and Daniel Shkedi in CSO.
