CEO Fraud and Whaling Attacks are on the Rise

Posted by Gary Fleming on Dec 22, 2016 12:53:55 PM

Topsec have noticed a large increase in the number of CEO or Whaling attacks targeting organisations in the UK and Ireland. These are targeted attacks where the cybercriminal pretends to be the CEO or another senior staff member in an organisation or they impersonate a supplier to the organisation. They send a fake email appearing to be from the CEO to an individual with access to the company’s financial systems, generally requesting a transfer of funds be made to a supplier’s bank account or that a current supplier has new bank account details which they have access to. In some cases they do this by hijacking the CEO's email account for tips on how the CEO would normally construct an email of this kind. In most cases though they would set up an email account and set the display email address (The email address that the recipient will see and assume is the actual sender) to appear as the CEO’s. Yet another way for the would-be cybercriminal is to register a similar domain to the targets such as John.Doe@Test.com instead of John.Doe@Tests.com). At a glance they can look the same.

Read More

Topics: Topsec Email Security, Whaling, CEO Fraud