The Threat of CEO Fraud Extends Beyond the C-Suite
- by Brittany Day

Email risk is at an all-time high for businesses. Threat actors have taken note of the money to be made in this industry, and are devoting more time and resources than ever to crafting highly sophisticated and targeted attack campaigns. CEO fraud is at the forefront of the global email threat landscape, with attacks being reported in all 50 states and in 150 countries. Despite its name, this $26 billion scam is not only a concern for C-suite executives - finance, HR and IT employees and all members of a company’s executive team are also frequent targets in CEO fraud attacks.
What is CEO Fraud and How Does This Scam Work?
CEO fraud - also known as business email compromise (BEC) or whaling - is an email scam in which an organized crime group targets or impersonates a C-level executive within an organization who has access to financial information or other sensitive data. The aim of this malicious scam is to trick an employee into sharing valuable data or conducting a fraudulent wire transfer. So how exactly is this done? Let’s take a closer look at the anatomy of a successful CEO fraud attack:
Step 1: A Target Is Identified
Cyber criminals select a business to target, exploiting information available online in a process known as ‘social engineering’ to profile the company and its C-suite executives.
Step 2: Preparation
Spear phishing emails coming from a compromised or spoofed executive account are sent to an employee - typically within the finance or HR department - of the target company. Malicious actors employ a combination of deception and pressure to exploit human nature. Because these attacks emphasize confidentiality and urgency, the victim is often inclined to take action without checking to ensure that the request is legitimate.
Step 3: Information Is Exchanged
The victim is convinced that he or she is conducting a valid business transaction, and is provided fraudulent wire transfer instructions by the attackers.
Step 4: Criminals Get Paid
Once the fraudulent transfer is made, funds are directed to a bank account controlled by the threat group.
CEO fraud scams can have severe consequences for businesses of all sizes spanning all industries including financial loss, data theft, significant downtime and serious reputation damage, among others. High-speed trading firm Virtu Financial recently experienced the devastating impact of a successful CEO fraud scam firsthand. The firm disclosed that it paid out $6.9 million as a result of a BEC attack that it suffered in May of 2020. In this malicious attack campaign, a threat actor sat on the company's network for weeks - listening, watching and waiting, then surreptitiously tampering with account settings and sending fraudulent emails. The scam ultimately resulted in a transfer of funds to a Chinese bank - and a huge payday for the attackers.
Who Are the Main Targets in a CEO Fraud Scam?
The name of this email-borne cyber attack can be deceiving, as it implies that CEO fraud is solely a threat to the CEO of a company. However, this could not be further from the truth. There are at least four other groups of employees who are viewed by attackers as valuable targets given their roles and the access they have to sensitive information and funds:
Finance
The finance department is an especially popular target in companies that engage in large wire transfers on a regular basis, such as those in the real estate industry. Unfortunately, it is not uncommon for insecure internal policies to solely require an email from the CEO or another C-suite executive to initiate a transfer. As a result, finance employees often do not verify transfer requests they receive.
HR
Human resources presents a great point of entry into a business. After all, HR employees have access to every person within an organization and oversee recruitment. HR employees receive and open thousands of job applications via email. By inserting spyware into a fraudulent application, cyber criminals can gain entry into a company’s systems and surreptitiously sit on corporate networks, gathering sensitive data. Moreover, by targeting HR employees in W2 and PII scams, criminals are often able to gain access to confidential employee information like social security numbers and email addresses.
Executive Team
All members of a company’s executive team are high-value targets for CEO fraud. The majority of these individuals possess some sort of financial authority. If an executive team member’s email account is hacked, cyber criminals are usually able to access a plethora of sensitive information and intelligence, such as insights into deals and business operations.
IT
IT managers and personnel with authority over email accounts, password management and access controls are another high-value target of CEO fraud. If an IT professional’s credentials are compromised, threat actors have ‘hit the jackpot’ - they gain entry to every part of the target organization.
How Can I Protect Against CEO Fraud?
There are various measures that users and organizations should take to prevent CEO fraud attacks. They include protecting corporate email accounts with two-factor authentication (2FA), educating employees on email threats and email security best practices and verifying all wire transfer requests. However, the single most effective method of preventing CEO fraud scams is ensuring that a comprehensive, threat-ready cloud email security solution is in place to fortify business email accounts against sophisticated modern exploits.
Guardian Digital recognizes the importance of safeguarding business email with proactive, layered defenses, and has engineers a innovative solution designed to anticipate and combat the array persistent and emerging attacks that constitute the modern email threat landscape. Through a defense-in-depth approach to security, the use of the transparent, collaborative open-source development model and over two decades of industry experience, Guardian Digital EnGarde Cloud Email Security protects businesses of all sizes in all industries from CEO fraud and other targeted, sophisticated email threats.
EnGarde analyzes hundreds of thousands of attributes of each email that passes through its gateway in real-time, scanning all links and attachments for malicious code and analyzing the reputation of the sender to ensure that only safe, legitimate mail is delivered.
The fully-integrated, remotely-managed SaaS platform implements multiple layers of advanced email authentication protocols to protect users from CEO fraud, email spoofing and other dangerous impersonation attacks. These protocols help assure that every email that reaches the inbox is from who it says it’s from - not a malicious actor claiming to be the sender.
Key features and benefits of EnGarde’s protection include:
- Keeps organizations ahead of persistent and emerging email threats
- Protects against phishing, ransomware, CEO fraud and other email-borne exploits
- Safeguards sensitive data and prevents email fraud
- Fortifies cloud email against credential phishing and account takeovers
- Enhanced security through a modern, multi-layered design
- Seamless integration with all existing mail systems
- Complete end-to-end control of your email infrastructure
- Simplified administration provides a rapid return on investment (ROI)
- Premium 24x7x365 customer support services
While it is critical that employees and executives stay alert and educated on the threats that they face online, users cannot be expected to detect today’s advanced email threats without fail - making the implementation of layered, comprehensive defenses more critical than ever in combating CEO fraud and other malicious attacks.
Interested in partnering with an industry leader to safeguard your users, your data and your brand? Let’s get in touch.
Blog Articles
-
2021
- Thinking Strategically about Email Security in 2021 and Beyond
- There’s a Lot to be Gained with Effective Email Security
- Behind the Shield: EnGarde Cloud Email Security Explained
- Open Source: A Powerful, Yet Underutilized Weapon against Phishing & Zero-Day Attacks
- Buyer's Guide: What to Prioritize in an Email Security Solution
- Buyer's Guide to Office 365 & Workspace Email Security
- EnGarde Cloud Email Security: The Logical Solution to Cyber Risk in Office 365
- Exchange Servers Are Vulnerable - Learn How To Secure Your Email Server Now
- Top Email Security Risks in 2021 - How To Set Your Business Up for Safety & Success
- Ransomware By The Numbers: How Big Is My Risk?
- SMB Ransomware Warnings & How To Prevent an Attack
- Apache SpamAssassin 3.4.6 Release Fixes Two Potentially Aggravating Bugs
- Top Tips and Advice for Staying Safe Online in a Work-from-Home World
-
2020
- Effectively Securing Business Email Accounts: Are Employees the Weakest Link?
- Encryption: An Essential Yet Highly Controversial Component of Digital Security
- Business Email Security Redefined: Key Benefits of Securing Your Business Email with Guardian Digital
- 8 Business Email Security Best Practices
- Demystifying Email Encryption: Stop Sender Fraud
- Demystifying Phishing Attacks: How to Protect Yourself Now
- Demystifying Tax Fraud: How to Avoid Falling Victim to Deceptive, Costly Scams This Tax Season
- Coronavirus Phishing Scams are On the Rise - Is Your Business Email at Risk of Infection?
- Dave Wreski: A Passionate Engineer Brings the Power of Open Source to Business Email Security
- FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware
- Email Risk is Universal: Securing Business Email in Every Industry Sector
- The Remote Worker's Guide to Safely Navigating Office 365
- Why Your Business Needs Better Email Security
- Defending Against COVID Email Spoofing Attacks with DMARC
- You’ve Got Mail: How To Tell If It’s Fraud
- Open-Source Security Is Opening Eyes
- Think Like A Criminal: How To Write A Phishing Email
- The Four Biggest Email Threats Your Business Faces Today
- Everything On DocuSign Phishing Attacks in 3 Minutes
- Understanding Payload-Less Email Attacks in Under 3 Minutes
- Demystifying Fileless Malware in Less than 3 Minutes
- How to Protect Sensitive Data & Maintain Client Trust in Financial Services Industry
- Apache SpamAssassin Leads A Growing List of Open-Source Projects Taking Steps to Correct Instances of Racism and White Privilege
- Cyber Risk Is Greater than Ever in the Legal Industry
- Understanding Malicious URL Protection - And Why You Need It to Secure Your Email
- Email Security for SMBs Beyond COVID-19
- Email Risk Is BIG for SMBs - How To Protect Your Business Now
- The Modern Email Threat Landscape: Where Traditional Defenses Fall Short
- Why Email Security Is More Important Than Ever in This 'New Reality'
- The Threat of CEO Fraud Extends Beyond the C-Suite
- Top Email Security Trends Putting Your Business at Risk of Attack
- Think Like A Criminal: What You Need to Know About Social Engineering Attacks in 2020
- Managed Services: A Key Element of Effective Email Security that Even Modern Solutions Lack
- How to maintain security when employees work remotely: Advice from Leading Security Experts
- FBI: The 2020 Presidential Election Is Under Attack by Email Scammers
- AT&T Security Researchers Identify a Correlation between Strong Cybersecurity and Business Success
- The Aftermath of a Cyberattack Pt. 1: Phishing Recovery Basics
- It Pays to be Prepared! Ransomware Preparedness & Recovery Basics
- Breaking Down Fileless Malware: Anatomy of an Attack
- Office 365 Email Is Vulnerable to Attack Without These Critical Supplementary Defenses in Place
- Keep the Holidays Merry & Bright - Beware of These Sneaky Seasonal Phishing Scams
- Migrating Business Email: The Hidden Complexities You Need To Know
- How Do SPF, DMARC & DKIM Secure Email Against Sender Fraud?
-
2019
- Your Current Approach to Email Security May Not Be Enough
- Ways to Prevent Email Account being compromised in a Breach
- Celebrating 20 Years of Revolutionizing Digital Security
- IBM Closes its $34 Billion Acquisition of Red Hat
- Interview with Security Expert and Author Ira Winkler
- What is Phishing Email? How to prevent Phishing email scams?
- Ways Our Business Email Exceed Your Expectations
- Spear Phishing Protection - Definition & How To Recognize Spear Phishing Email
- What is Whaling (Whaling Phishing)? & How to Prevent Whaling attacks?
- Ransomware Attack Explained - Best Practices For Ransomware Protection
- Business Email Compromise (BEC) - Definition & Prevention From BEC Attacks
- Wire Transfer Scams Involving Real Estate Transactions: How to Prevent Fraud with Effective Email Security
- Guardian Digital and Mautic: A Dynamic Open-Source Duo
- Email Malware - How to Recognize & Prevent Malware Email Attack
- An Open-Source Success Story: Apache SpamAssassin Celebrates 18 Years of Effectively Combating Spam Email
- What is Spam Email - Types & How to Prevent Spam Emails?
- 2020: A New Decade of Digital Threats - Is Your Business Email Secure?
- Linux: An OS Capable of Effectively Meeting the US Government’s Security Needs Heading into 2020
- Complete Guide on Email Security & Threats Faced by Organizations
- Email Virus - Complete Guide to Email Viruses Plus Best Practices
- What Are Zero-Day Attacks & How Can I Prevent Them?
-
2018
- Guardian Digital Keeps its Customers Protected from Intel Design Flaw
- Security Spotlight: Open Source Email Security Solutions
- Top Six Advantages of Open Source Development/Products
- Python and Bash - Contenders for the most used scripting language
- Guardian Digital Outlines Top 4 Benefits of Choosing Cloud
- Unrivaled Protection Against Today’s Most Dangerous Threats
- Guard Your Email Accounts Against Today’s Most Dangerous Threats
- Security Highlights from Defcon 26
- Linux / Open Source FAQs: Common Myths / Misconceptions
- Email Security FAQs Answered by Guardian Digital
- Guardian Digital Mail Systems: Designed to be Secure Without Fail