Surprise! In Which Country Do All The CEO Fraud Gangs Reside?

Criminal gangs are behind CEO fraud

A new study by Agari concludes that, despite all the finger pointing and attention some countries’ services have been getting for their phishing attacks, the big threat still comes from criminal gangs.

Here is your quick Executive Summary:

97% of people who answer a CEO Fraud email become victims
The average CEO fraud incident included a payment request of $35,500 (ranging from $1,500 to $201,805)
24% of all observed email scam attempts between 2011 and 2018 were CEO fraud even though CEO fraud only started in earnest in 2016

And what’s that country?

Many of those criminal gangs continue to operate from Nigeria, of the ten gangs engaged in the email scams that Agari studied, nine were based in Nigeria. Conclusion: the old Nigerian 419 scam has upgraded big time.

While business email scams are relative newcomers to the world of online crime, becoming popular only as recently as 2016, they’re now the most common kind of attack, accounting for 24% of phishing emails.

Patrick Peterson, Agari’s Executive Chairman said: “The sad irony is that these foreign adversaries are using our own legitimate infrastructure against us in attacks that are far more damaging and much harder to detect than any intrusion or malware.”

BEC, in which the scammer poses as an executive of the business being phished, has the greatest potential for a large, immediate payout. All organizations should make it their policy never to use email to direct fund transfers, and they should train their employees to be aware of this social engineering tactic.

Other scams have similar potential to bankrupt their targets. Real estate brokers, for example, have been targeted with malicious attachments that enable criminals to conduct man-in-the-middle account takeover scams that hit escrow accounts.

Scammers use a multi-step process

An interesting finding of Agari’s study is the multi-step process many of the scammers use: a probe email is followed by one or more follow-ups that deliver the scammer’s punch.

In the case of CEO fraud, a common and effective probe might ask, “Are you at your desk to make a payment?” We have seen that these organized crime groups are starting to automate and script the process of sending these initial probes to their targets.

Interactive training can help a business arm its employees against social engineering. KnowBe4 actually allows you to monitor what an employee who falls for a simulated CEO fraud attack writes back, and automatically step them through immediate remedial training. Agari study here.

—

Cyber Safety Net is a KnowBe4 partner. Reprinted with permission from https://blog.knowbe4.com/surprise-whats-the-country-where-all-the-ceo-fraud-gangs-are. Cyber Safety Net – keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.

Tags: Cybersecurity