Questioning the Boss to Prevent Theft?

  • Identity Fraud, Security

Questioning the Boss
There has been a growing trend recently of cyber thieves committing high value thefts by spoofing the e-mail accounts of c-level executives to initiate unauthorized international wire transfers.&nbsp; These e-mails typically appear to come from the CEO or CIO, requesting that an employee perform a wire transfer.&nbsp; According to a <a href="http://www.ic3.gov/media/2015/150122.aspx">recent alert </a>by the FBI scams of this type (also referred to as Business E-mail Compromise or CEO Fraud) have accounted for at least $215 Million in theft within a 14 month period alone. <p>&nbsp;</p> <p>There are many reasons why these efforts by cyber thieves have been so (unfortunately) successful, chief among those are: </p> <p><strong>Basic Psychology</strong></p> <p>Employees from entry level through middle management are typically hesitant to question requests from upper level management.&nbsp; This hesitance to question the validity of a request is crucial to the success of this type of scam, as a simple &ldquo;I just wanted to verify that you requested this wire transfer&rdquo; would prevent the wire transfer from being sent.</p> <p><strong>E-mail Spoofing</strong></p> <p>It is remarkably easy to spoof an e-mail (make an e-mail appear that it is coming from a different address than it is actually being sent from), but outside of technology related fields few individuals are aware of how easy this is to accomplish.&nbsp; </p> <p><strong>LinkedIn </strong></p> <p>LinkedIn is extremely useful for networking and professional development.&nbsp; Unfortunately, the professional social media platform also makes it remarkable easy for Cyber Thieves to identity the names and titles to target with the fraudulent e-mails as well as the names and titles to masquerade as.</p> <p><strong>Corporate Branding</strong></p> <p>Most businesses follow a consistent branding strategy, including standardized e-mail signature lines.&nbsp; This makes it relatively easy for cyber thieves to make an e-mail appear to be from the c-level executive beyond just the spoofed e-mail address.</p> <p>Out of the reasons noted above, only one contains a simple fix.&nbsp; By simply confirming any unusual money transfer request with the individual who made the request you can easily thwart an attempted theft for your business (and yes, that does mean questioning a request from your boss!)</p>