CEO FRAUD

The social engineering scam that regularly evades traditional email filters

WHAT IS CEO FRAUD?

CEO Fraud is a Social Engineering Scam that involves a hacker impersonating a company executive to trick an employee, usually in the finance or HR department to action a financial transaction like a wire transfer, or disclosing confidential data like tax information or payroll records. They are highly targeted, extensively researched, and regularly evade detection by traditional email filters because they usually contain no malicious links or attachments, use language found in legitimate emails, and are sent from new domains/addresses not found on any Real-Time-Block-lists (RBLs). Even for well-trained and vigilant employees, CEO Fraud scams can be very convincing and often result in compliance, which leads to financial and/or data loss.

Losses Exceed $26 Billion

Business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally.

(source: FBI)

17,607 Attempts in 2020

In 2020 there was a total of 17,607 seen attempts at implementing a CEO Fraud scam, up from 13,055 at the end of 2020.

(source: Statista)

1/3 of all Cybercrime Losses

More than a third of all cybercrime losses can be attributed CEO Fraud/BEC. $2.4B lost by US businesses in 2021.

(source: IC3 Crime Report 2021)

WHAT DOES CEO FRAUD LOOK LIKE?

Unlike mass spam or phishing campaigns, CEO Fraud attacks are highly targeted. They often contain no malicious attachments or URLs, which helps evade detection by traditional techniques.

Typosquatted Domain

The attacker has legitimately registered a ‘typosquatted’ domain. Look more closely at the first ‘p’, it is actually the Greek letter ‘Rho’ ρ. Cyrillic characters are often used in typosquatted domains and can be extremely difficult for a busy employee to notice the slight differences. It will likely pass SPF, DKIM and DMARC checks too.

No Links or Attachments

The absence of links or attachments, renders AV engines and sandboxes obsolete. To the recipient, this email may look indistinguishable from a genuine one.

Social Engineering

Posing as the CEO, the attacker is using language to that creates a sense of urgency and exerts significant pressure on the recipient to comply.

HOW DOES MESH PROTECT AGAINST CEO FRAUD?

Mesh applies over 250 unique filters to every single email it processes, protecting against the full spectrum of email attacks. Combining machine learning, predictive threat intelligence and advanced content analysis, Mesh identifies indicators of compromise, fraud, impersonation, phishing, malicious content, spam, and unsolicited marketing emails, keeping organizations and their people safe.

Impersonation Detection

Mesh analyzes email content, language, tone and cadence, combined with checks against the sending domain, display name, and username, for matches and/or similarities with the recipient organization.

Contextual Banners

Informed employees are safer employees. Banners can be applied to emails warning of danger or advising caution, empowering employees to safely navigate their inbox. Banners are customizable.

Predictive Threat Intelligence

Knowing what regular email traffic looks like makes it easier to recognize anomalistic email. Mesh utilizes a combination of Passive DNS Sensors, Deep-Relationship Analysis, Neural Networks and other information sources to detect abnormalities.

Its ability to detect emails specifically targeting high-risk individuals is incredibly reassuring

Mesh has significantly reduced the amount of email-related tickets we receive. The ability to manage everything centrally from partner level makes our job so much easier - we can make changes for all clients in one go. Onboarding was quick and painless, both our engineers and end-users took to it straight away.”

Get the full case-study ⟶

Jason Gilmer
Network Admin at Reading Bakery Systems