Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Hackers Request Aging Reports to Identify Their Next CEO Fraud Victims for Them

    CEO Fraud ChecklistRather than attempt to hack user credentials and gain access to Accounts Payable applications, hackers are now impersonating the CFO and obtaining all the detail they need to launch a scam.

    In a decidedly smart move, hackers are now shifting tactics to make it easier to build a list of potential victims to defraud through false wire transfers. Traditionally, this is accomplished by hacking into the AR application from company “A”, and then phishing the AP department in company “B” to trick them into modifying banking details to a hacker-controlled bank account.

    In a new twist, hackers impersonate the CFO of company A and request an updated aging report together – a list of outstanding invoices – complete with up-to-date contact details for each of the customers that had unpaid overdue invoices.

    So, without needing to do little more than pretend to be the CFO via email, hackers are handed a list of their potential victims. The next stage in the attack would be to pretend to be the AR department in company A and send each of the individuals identified in the aging report asking them to pay their invoice and use new banking details.

    Organizations need to have processes in place whenever any kind of information is requested relating to payments – whether those that need to be paid or those that should be received. Hackers are constantly looking for new ways to extract this information to use for their own purposes.

    Putting Security Awareness Training in place helps to educate users in these departments about scams that target financial data, details, and transactions. It’s imperative that anyone touching any part of an organization’s financials should continually undergo this form of training to avoid exposing the company to risk of fraud and theft.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews