Have you been a victim of CEO fraud? Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby. The hacker spoofs the email of your organization's CEO, sends a message to your CFO (or whoever is in charge of your accounting), and attempts to have money wired to their own account!
The folks at knowbe4.com recently had a blog post about this trend: https://blog.knowbe4.com/wow-the-bad-guys-are-moving-fast-with-ceo-fraud
Here is an excerpt from the article that is staggering:
No industry is immune to this type of scam. Recent figures reported by the FBI show that in the past 3 years, a staggering 14,032 victims in the US have lost a total of $960 million to cybercriminals due to what they call Business E-mail Compromise. That is a 1,300% increase in reported instances since January 2015!
If those numbers aren't enough to convince you, take a look at some recent news not just in the US but around the world. In January, aerospace company FACC lost around €50 million due to what they call the "Fake President Incident"; their CEO and CFO were fired as a result. A still undisclosed American company lost nearly $100 million due to CEO fraud in April and has since recovered about 75% of that, leaving the total loss around $25 million. As you may guess, this doesn't look good, so companies try to keep these instances out of the mainstream news as much as possible.
It is not just small companies that need to stay vigilant; companies of all sizes are targeted on a regular basis. All types of employees run the risk of being victims of social engineering, which is only the beginning. Hackers are spending more and more time researching employees and companies before they attack in hopes that they will get what they're after.
What can you do to protect yourself?
It's a scary world out there, and unfortunately practicality and vigilance are rarely in balance. Security is by no means efficient or convenient, but the "bad guys" are always working to be one step ahead.