January 29, 2019

Can Your Team Be Tricked by CEO Fraud?

by: Align


Today, a new CEO fraud phishing scam surfaced, whereby criminals are tricking users into purchasing $4000 in gift cards. Here’s what you need to know about this latest campaign:

Latest CEO Fraud Scam Details

  1. The bad guys impersonate the CEO of a business, using their name and a fake email address to contact employees. If recipients aren't careful enough when reviewing emails, they can overlook the fraudulent email address.

  2. In the email body, the scammer expresses urgency, claiming that they are swamped and need your help with a project ASAP.

  3. The criminals then strive to establish a trustworthy pretext for employees, alleging that the plan involves purchasing gifts to celebrate the team's hard work. Next, they request that the project remain in confidence, building trust while simultaneously ensuring the victim doesn't inform any coworkers about the request and raise red flags.

  4. The scammer tasks the employee with buying $4000 worth of physical gift cards at stores and then emailing or texting the numbers to "the boss." Note that the average range for these gift card phishing schemes varies from $500-$2000.

  5. At the conclusion of the email, the criminal offers to let the recipient keep one of the gift cards, an incentive meant to motivate the victim to comply. In actuality, this is a ploy that, in a way, endeavors to turn the victim into an accomplice.

This version of CEO fraud is a brief, intelligent bribe urging recipients to complete a task that is mutually beneficial.

How many of your employees would leap at the opportunity to receive a crisp $200? 
Regrettably, our guess is more than a couple.

Prevention Techniques

Without proper cybersecurity awareness training, a single email could convince one of your employees to send money to a cybercriminal. As a best practice, never adhere to demands similar to the one described above and always vet the request first by contacting your boss directly via phone.

Security awareness education fosters a culture of cybersecurity and instills best practices company-wide, helping employees thwart threats and be more mindful when interacting on the web or with email.
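The traits listed in the scam details (an executive's name on an outside address, urgency, secrecy, gift cards) can also be screened for before a message reaches an inbox. The sketch below is an added example, not part of the original article; the executive name, company domain, keyword lists, hold policy and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: executive names and the company's real mail domain.
EXECUTIVES = {"jane doe"}
COMPANY_DOMAIN = "example.com"

# Content traits from the scam description: urgency, secrecy, gift cards.
TRAITS = {
    "urgency": re.compile(r"\b(asap|urgent(ly)?|swamped|right away)\b", re.I),
    "secrecy": re.compile(r"\b(confiden\w+|surprise|between us)\b", re.I),
    "gift_cards": re.compile(r"\bgift\s*cards?\b", re.I),
}

def indicators(raw):
    """Return the set of CEO-fraud indicators found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    found = set()
    # Executive display name paired with an address outside the company domain.
    outside = addr.rpartition("@")[2].lower() != COMPANY_DOMAIN
    if " ".join(name.lower().split()) in EXECUTIVES and outside:
        found.add("exec_name_outside_address")
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in parts)
    text = f"{msg.get('Subject', '')} {body}"
    found.update(k for k, rx in TRAITS.items() if rx.search(text))
    return found

def hold_for_review(raw):
    """Hold on impersonation plus any content trait, or on all three traits."""
    found = indicators(raw)
    content = found & set(TRAITS)
    return ("exec_name_outside_address" in found and bool(content)) or len(content) == 3

# Constructed sample messages (not real mail).
SCAM = ('From: "Jane Doe" <jane.doe.ceo@mail-example.net>\n'
        "Subject: Quick favor\n\n"
        "I'm swamped and need your help with a project asap. Buy gift cards\n"
        "for the team and keep this confidential. Text me the numbers.\n")
LEGIT = ('From: "Jane Doe" <jane.doe@example.com>\n'
         "Subject: Team gifts\n\n"
         "HR will send gift cards to everyone next week.\n")

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(label, sorted(indicators(raw)), hold_for_review(raw))
```

A filter like this only narrows what reaches employees; the phone call to the boss remains the check that confirms a request.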


For more information regarding Align's cybersecurity solutions and education modules visit here.
