Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Proofpoint: "45% Surge In CEO Fraud" And Domain Spoofing Even Higher [infoGraphic]

CEO Fraud, aka Business Email Compromise (BEC), is skyrocketing. Proofpoint recently conducted research into these types of attacks across more than 5,000 enterprise customers. Their research shows a clear acceleration in attack sophistication and volume. 

Who Were The Two Big US Tech Companies That Lost $100 Million In CEO Fraud?

In an update on an earlier post of April 2016, more detail came known about this massive CEO Fraud spear phishing attack that tricked 2 American tech companies in wiring a whopping 100 million to bank accounts controlled by a crafty scammer in Lithuania. The press was all over this like white on rice, not mentioning that it initially was discovered April last year. The big mystery is exactly which 2 companies fell victim, because the court documents do not reveal the names.

Campbell County Health Falls Victim To W-2 CEO Fraud

And another one.  You have to watch it, the tax scam season is back in full swing. 

Full W-2 information including SSN# for more than 1,400 employees who worked over the past year at Campbell County Health were mistakenly released sometime Wednesday to someone using CEO Fraud. 

“It appears that an unauthorized individual, impersonating a CCH executive, contacted an employee requesting W-2 information for all of our employees who had taxable earnings in calendar year 2016,” said Andy Fitzgerald, CEO of Campbell County Health.

Sedgwick County Loses $566,000 Due To CEO Fraud

WICHITA, Kansas - A Georgia man has been arrested on federal charges he carried out an e-mail spoofing scheme that cost Sedgwick County $566,000. 

George S. James, 48, Brookhaven, Ga., is charged with one count of wire fraud. An FBI agent’s affidavit shows investigators following an electronic trail that led them to James after Sedgwick reported the theft of funds that were intended to pay Cornejo & Sons, LLC, for work done on a road project.

Why You Should Be Afraid of CEO Fraud [INFOGRAPHIC]

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

Investment fund loses $6 million in CEO Fraud and shuts down

CNBC reported some pretty stunning breaking news. I cannot come up with a better case for new-school security awareness training for employees in accounting and HR.

A lawsuit filed on Friday September 16, 2016 by Tillage Commodities Fund alleges that $6 billion SS&C Technologies Holdings, a financial services software firm, showed an egregious lack of diligence and care, when they fell for a CEO fraud scam that ultimately led to hackers in China looting $5.9 million. 

Seagate Sued By Own Employees For CEO Fraud Attack

Hard drive manufacturer Seagate was sued by its own employees as the result of a successful CEO fraud attack where all the personal information of 10,000 existing and former employees were stolen in an online phishing scam. Seagate lawyers defend the company claiming that the organization is not responsible for data leaks and that the attack was unexpected. Really?

Having some Phun With Phishers - CEO Fraud Blow-By-Blow

For the last 9 years I have been a board member of the public/private  Clearwater Downtown Partnership.  And as many public organizations, all the board member information is freely available through the website. 

So, some half-smart phishing scammer sent me a CEO fraud email, demanding I send money urgently to a bank account. It was clear as daylight checking the headers that it was a fraud. I decided to see how long we could keep that going, here is the whole email exchange blow-by-blow:

Cyberheist Nets 44 Million In Single CEO Fraud Attack

Earlier in August, one of the world's largest cable manufacturers Leoni AG publicly confessed that it had fallen victim to a classic CEO Fraud attack that has cost the company a whopping 44 million dollars. Following two weeks of intensive investigations, new details surfaced and the thieves turned out to have used sophisticated social engineering tactics combined with email spoofing. 

The attackers crafted emails to appear like legitimate payment requests from the head office in Germany and sent them to a subsidiary of Leoni in Bistrita, Romania. 

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews