CEO Fraud: 4 Steps to Prevent Becoming Today’s Catch



By Stu Sjouwerman, CEO, KnowBe4


Your CEO is emailing you, the finance director for your organisation, asking you to transfer funds from one account to another one. This is standard stuff so you make the transfer and get on with your day. No problem.


Except there is a problem. Your CEO is still tucked away in meetings and hasn’t made the request at all. You realise you’ve been had. A bad guy, hiding behind the guise of your chief executive officer, just tricked you into transferring corporate funds into his personal bank account. Big problem.


Turns out the problem is much bigger than most of us are aware. CEO fraud, also known as Business Email Compromise (BEC), is growing with alarming quickness. By spoofing emails and impersonating executives or suppliers, these criminals trick people into sharing data or making a large wire transfer. The most recent U.S. Federal Bureau of Investigation (FBI) public service announcement on the subject notes that over the past three years, more than 40,000 BEC incidents have cost organisations around the globe more than $5 billion (£3.69 billion).


Businesses think it won’t happen to them, but it does. Aerospace company FACC lost around $54 million to CEO fraud in January 2016; SS&C Technologies Holdings, a financial services software firm, was fleeced for $5.9 million; and hard drive manufacturer Seagate inadvertently shared the personal information of 10,000 existing and former employees, which was then used to file fraudulent tax returns. Just last summer, MacEwan University in Edmonton, Canada transferred more than £8 million to what it thought was an existing construction partner.


How it Happens

A day that involves CEO fraud starts like every other day. Staff do their normal tasks and work with the people they usually work with. In fact, the MacEwan University example above involved local contractors that the accounts payable staff members worked with very regularly.


Most CEO fraud begins with a phishing email. A typical scam looks legitimate, using the correct email address and the proper logo or other asset to pose as a trusted bank, supplier, IRS official or C-suite leader. Social media often spills secrets, giving criminals enough information for them to demonstrate detailed knowledge of the company workings. And, sometimes, an especially shrewd bad guy might even access the network months beforehand, observing habits and protocols to more accurately impersonate the right executive or authority. Taking the needed steps to appear as legitimate as possible, these phishing emails often convince even savvy employees to transfer a large sum of money or share sensitive data.


The question is: Does phishing really work anymore? Yes. Very well. The Verizon 2018 Data Breach Investigations Report makes it clear: phishing represented 98 percent of social engineering attacks in 2017, and was involved in 93 percent of breaches.


The targets range from HR and IT teams to C-level leaders and anyone with finance approval. The actual techniques vary. Sometimes an email will mimic a long-standing wire-transfer relationship with a supplier, but ask for the funds to be sent to a different account (as with the MacEwan University example). Or they might hack an employee’s email account to invoice company suppliers, with payments transferred to bogus accounts. Accountants and HR staff might be asked to send employee information or W-2 forms to a new email address.


Because the requests look legitimate and justified, the fraud is rarely discovered soon enough to be stopped. And it’s not just the money stolen that impacts the company. Several lawsuits have been filed on behalf of employees angry that their workplace did not protect their data with stronger security, most notably by Seagate employees in 2016.


Education Matters

While there is always a chance of an employee or leader falling for a convincing email, investing in your users and making them your last line of defence can go a long way toward deflecting these attempts.

  • Step 1. Who are your high-risk users? Usually you’ll find that senior leaders, HR staff or financial personnel are the ones who have access or responsibility for money or data. Review social networks and aggregator sites like Crunchbase to see how much information is available about them online, especially job duties and contacts from other teams and companies. Then evaluate how easy it would be to impersonate them by email using this information.
  • Step 2. Implement security controls like email filtering, two-factor authentication, access and identity controls, and permission levels. Even though they are not foolproof, they are important parts of a defence in depth strategy. Also, adopt whitelists or blacklists for external traffic. These won’t completely block phishing emails, but they’ll eliminate quite a few.
  • Step 3. Create policies and procedures that can catch hasty mistakes. A strict wire transfer policy requiring multiple authorisations, time delays and identity verification can all go a long way toward preventing disaster and loss. Register as many domains as you can that are just slightly different from the actual company domain. Implement domain spoof protection and create detection system rules that flag any emails using extensions similar to company email.
  • Step 4. Provide security awareness training that actually works – not the gather-in-the-lunchroom-once-a-year kind – so your staff knows how to look for red flags. While most phishing emails are well-architected, grammatical errors and odd wording are usually present and noticeable. Often the company name will be altered slightly: LinkedIn, for example, might show as LlinkedIn. Another warning sign: the request for an expedited turnaround. Criminals want your staff to act quickly, before they can realise something is wrong. If an email repeatedly mentions an “urgent wire transfer” or an “urgent invoice payment” and includes “new account information” or other “new” accounts and changes, it’s a sign of a scam.
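The detection rules in Step 3 (flag senders whose domain merely resembles the company domain) and the red flags in Step 4 (urgency plus "new account" wording, typo-squatted names like LlinkedIn) can be turned into a simple mail-screening heuristic. The code below is an added example, not KnowBe4's or the article's own tooling; the company domain `example-corp.com`, the homoglyph table, the red-flag phrase list and the two sample messages are all constructed for illustration. It does not replace SPF/DKIM/DMARC spoof protection for the genuine domain; it covers the lookalike-domain and wording cases that those controls do not.

```python
"""Heuristic BEC/CEO-fraud screen: flags lookalike sender domains (Step 3)
and the red-flag wording from Step 4. Added example with constructed data."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed company domain; a placeholder, not any real organisation's domain.
COMPANY_DOMAIN = "example-corp.com"

# Character swaps that make a domain look like the real one (constructed list).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]

# Wording the article singles out: urgency stacked on a payment-detail change.
RED_FLAGS = [
    r"\burgent (wire )?transfer\b",
    r"\burgent invoice payment\b",
    r"\bnew (account|bank) (information|details)\b",
    r"\bupdated (account|bank) (information|details)\b",
    r"\bw-?2 forms?\b",
    r"\b(asap|immediately|right away)\b",
]


def normalize(domain: str) -> str:
    """Lower-case and undo common homoglyph substitutions."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, company: str = COMPANY_DOMAIN) -> bool:
    """True for a domain that is not the company's own but sits within two
    edits of it once homoglyphs are undone. The exact domain is left to
    SPF/DKIM/DMARC, which is where spoofing of the real name is caught."""
    if domain.lower() == company.lower():
        return False
    return edit_distance(normalize(domain), normalize(company)) <= 2


def screen_message(raw: str) -> dict:
    """Parse one RFC 822 message and return the reasons it looks like BEC."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + "\n" + body).lower()

    phrases = [p for p in RED_FLAGS if re.search(p, text)]
    lookalike = is_lookalike(sender_domain)
    reply_mismatch = bool(reply_domain) and reply_domain != sender_domain
    return {
        "sender_domain": sender_domain,
        "lookalike": lookalike,
        "reply_to_mismatch": reply_mismatch,
        "phrases": phrases,
        # Hold for out-of-band verification (the Step 3 wire policy) if the
        # sender looks forged or the wording piles urgency on an account change.
        "hold_for_review": lookalike or reply_mismatch or len(phrases) >= 2,
    }


# Constructed sample messages (not real traffic).
BEC_SAMPLE = (
    "From: CEO <ceo@examp1e-corp.com>\n"
    "Reply-To: ceo@webmail.example\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process an urgent wire transfer today to the new account details\n"
    "attached. I am in meetings all day, need this done ASAP.\n"
)
LEGIT_SAMPLE = (
    "From: Finance <finance@example-corp.com>\n"
    "Subject: Q3 budget review\n"
    "\n"
    "Attached is the agenda for Thursday's review.\n"
)

if __name__ == "__main__":
    for name, raw in (("bec", BEC_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, screen_message(raw))
```

A "hold" result is a trigger for the out-of-band verification the wire-transfer policy requires (a phone call to the known number, not a reply to the email), not a verdict; the distance threshold and phrase list are tuning knobs that a mail-security team would adjust against its own false-positive rate.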


What to Do

In most cases, only four percent of funds are ever recovered. Usually the fraud isn’t detected in time for recoupment, with most transfers successfully reaching criminal hands in China and Hong Kong. If you do experience a CEO fraud attack, whether it’s a fraudulent transfer of funds or data, you want to act quickly and follow these steps:


  1. Contact your bank. Provide as many details as possible to see if they can stop or even recall the transfer.
  2. Contact law enforcement, starting with the police who may work with Action Fraud, the UK’s national fraud and cybercrime reporting centre, to recover the funds.
  3. Contact your insurance company to see if your policy covers this kind of attack.


Get with your IT team to investigate and do damage control. That means closing off the attack vector, recovering hacked email accounts, and eradicating malware. Don’t hesitate to bring in outside security specialists; they likely have experience in these kinds of attacks and can suggest new techniques for strengthening your security controls.


Since it works and is often low cost for bad guys, CEO fraud isn’t going away any time soon. Criminals will continue to phish for your data and financial assets as long as technology exists. But by anticipating this type of threat and preparing for it, you can make strides in heading off a would-be attack. One of the most important steps is to educate your workforce and leadership so you can boost awareness and your general security and not become today’s catch.




How Digital Adoption Platforms can enhance digital transformation and customer experience in the insurance industry




By Vara Kumar, CPTO & Co-founder, Whatfix


Like many industries, the insurance sector was prematurely hastened towards digitalisation by the Covid-19 pandemic. Now, digital adoption continues to be a key focus for many organisations looking to strengthen their fully or partially remote workforce: nearly 50% of IT spend goes to the growth of core applications and infrastructure, and a further 25% is invested in digital solutions.

But with millions of claims processed every year, needing to provide superior customer service to drive retention, complex procedures and processes to navigate and both internal rules and external regulations to follow, digital transformation plans for insurance organisations are filled with challenges.

Increasingly digitalised workforce

With the pandemic came an overhaul of how we work. Remote and hybrid working is now the norm, and across most industries, there’s been a huge expansion in both the number and type of digital applications used to communicate, collaborate and enhance productivity across an organisation.

For the insurance industry, this has meant that every employee, from underwriters to customer service agents, has had to adapt to handling their steps of the process, from setting up coverage to filing a claim, remotely, and across multiple platforms and tools.

The challenge is ensuring this more digitalised workforce fully understands how to successfully navigate each application effectively and efficiently to ensure they can deliver on their services and customer experience (CX). But putting together a skilled, high-performing IT team can be difficult – according to an enterprise study, 54% of organisations said they’re not able to accomplish their digital transformation goals because of a lack of technically-skilled employees. This is further complicated by the fact that, in an age of labour shortages, the sector is forced to get creative and find ways of managing the workload and navigating new technologies with a smaller workforce.

Changing customer expectations

On top of the challenges that the increasingly digitalised workforce is experiencing, the tech-savvy customer of today also expects more from their insurers. Indeed, the pandemic forced customers as well as organisations to become more IT-literate, and in the customer service space in particular, customer expectations are high.

Customers today want and expect to be able to make maturity or house insurance claims in an efficient and straightforward manner, across multiple platforms, from phone to email to social media, preferably in a matter of minutes.

McKinsey observes that improving the value chain from the customer’s point of view is an important step within digital-ecosystem efforts, and HubSpot found that 90% of consumers expect an immediate response to a customer support issue, with 60% defining ‘immediate’ as under ten minutes. Even pre-pandemic 44% of customers were comfortable utilising chatbots for insurance claims, and 43% were comfortable using them when buying insurance policies.

Undergoing a digital transformation on the customer side is crucial then, as insurance providers that can meet these changing customer expectations are more likely to attract and retain customer loyalty now and in the future. However, just 30% of insurers believe that they have the capabilities to fully digitalise their customer experience.

So, what can insurers do to meet the technological demands of a digitalised workforce and a multi-channel CX for tech-savvy customers?

Using DAPs to boost digital transformations and CX

In a rapidly changing market, Digital Adoption Platforms (DAPs) can be a huge advantage to insurers looking to manage the challenges of today and come out on top. A piece of instructional no-code software that sits as an additional layer on top of other software applications, such as Claims Management or Policy Administration Systems, to help train and guide users on how to best use the software, DAPs can massively improve the agility and effectiveness of business processes across an organisation.

On the employee side, for example, DAPs can help insurers to manage the challenges of a frequently changing workforce by making it easier for employees to get to grips with new digital applications. With the likes of guided walk-throughs and task lists, which help employees through each step they need to know, and just-in-time nudges to reduce policy administration, claim or underwriting processing times, employees are more efficient and technology adoption is streamlined and accelerated.

Easy to integrate into existing systems, DAPs can be used not only to train and onboard new employees but also to upskill veteran workers, training the workforce as a whole on the latest technologies being used across the industry. As a result, everyone from underwriters to claims and service representatives will better understand insurance tools, enabling them to be more productive and to deliver better customer experiences, leading to better business outcomes.

Indeed, from the customer perspective, DAPs can enable companies in the insurance industry to keep CX positive and smooth. Firstly, by training on near real-life scenarios and secondly, by being able to more easily navigate applications, processes and systems internally, customer service representatives will be able to spend more time and focus on the customer and on resolving their queries, without being hindered by technological hurdles. For example, errors made in policy or claims processing can be reduced if employees can use the self-help elements of DAPs to mitigate issues and solve queries themselves, in real time. As a result, customers will be happier with their service, and more likely to stay loyal to that brand.

Customer-facing platforms can also be improved using DAPs. Typically, legacy apps, whether on our phones or online, can make it difficult for users to complete their tasks, leaving them frustrated. With DAP user-specific content and just-in-time support, such as pop-ups, automated walk-throughs and user guides for every part of the user journey, customers can experience a smoother journey and have their queries and issues resolved more efficiently.

Drive efficiency and customer satisfaction

DAPs are already growing in popularity, with Gartner predicting that by 2025, “70% of organizations will use digital adoption solutions across the entire technology stack to overcome still insufficient application user experiences.”

So, now is the time for insurance providers to leverage this technology to facilitate their digital transformation plans. By ensuring their increasingly dispersed and digitalised workforce can use the latest applications to their full potential, and that their customer journey is as efficient and easy-to-use across the multiple channels customers expect, insurers will see huge benefits, from increased efficiencies to improved customer satisfaction.



Are cyber insurance and incident response budgets the same thing?




By Dominic Trott, Head of Strategy – UK, Orange Cyberdefense


Cyberattacks on businesses increased by 13% in 2021 compared to the previous year. Yet while it’s not necessarily the case that the number of bad actors is increasing, it is the scale on which they’re operating that has broadened exponentially.

In addition, the manner in which cyberattacks are being carried out has also evolved. While some cybercriminals hack for fun, the vast majority of malicious activity is, unsurprisingly, conducted for financial gain and targets organisations on the basis of two simple principles: first, where there is the most value to be targeted; and second, where the attacks are most likely to be successful.

It’s also likely that the full extent of the cybercrime landscape is hidden. Accurate data on the impact of cyberattacks is often hard to come by because, in many cases, the breached organisations are unaware of the full extent of the attack – or even that one took place. They might genuinely not know this information if they don’t have accurate oversight of their digital estate, or keep quiet for fear of incurring legal liabilities or causing reputational damage.

The current security landscape has created the perfect storm for cybercriminals, as cyber insurers and Computer Security Incident Response Teams (CSIRT) often end up fighting over the same budget. Traditionally, it has been relatively easy for firms to obtain cyber insurance coverage at low premiums. However, the heightened cyber risks and exponential growth of ransomware attacks in recent years has led to premiums rising.

The question that businesses often ask, therefore, is ‘why do I need an incident response retainer when I already have cyber insurance? Surely, it’s a waste of money? If the worst does happen, the insurance company will pick up the bill for any damage done after the event’. I would argue that is a short sighted and potentially dangerous approach. Let’s look at the different roles of incident response and cyber insurance.

  1. Cyber Insurance: like other types of insurance, this aims to give businesses a way to ensure that if the worst happens, they can recover some of the costs. Cyber Insurance will likely cover you for some of the tangible costs associated with a breach, but it probably won’t cover all of them. By acting quickly and limiting the scale of the breach, you may be able to reduce the full impact. In addition, some insurance companies will expect you to have demonstrated a level of preparedness before accepting your claim – a bit like having a burglar alarm or dead-bolt locks on your house before a house insurance claim is accepted.
  2. Incident Response Retainer: aims to provide rapid, on-demand expertise in an emergency if the customer calls them immediately after an incident. The key to mitigating the impact of any cybersecurity incident is the reaction time between detection and response. Many companies lack the infrastructure needed to react in a quick and secure manner. Having an incident response team available 24/7 to identify, contain and eradicate threats and to get businesses back up and running as soon as possible may be crucial to their ability to continue successfully trading.


Cyber resilience

But isn’t incident response included in the insurance policy? In many cases, it will be. And perhaps this is where the confusion comes. Cyber insurers will often pay out, but only as long as the incident is covered by an incident response retainer. Their objective is of course to help cover the financial losses that result from cyber events and incidents and in numerous policies, the presence of a retainer agreement with an external incident response provider can help prevent severe losses. This will often bring down the premium of the insurance policy. Having a retainer also means you get to choose the CSIRT team that you are going to be working with in advance. You can assess their credentials, their experience, talk to their other customers – all before an incident occurs.

The key thing here is building cyber resilience. Of course, there is no such thing as complete security. For starters, incident response alone is insufficient to deliver cyber resilience from either a technical or procedural perspective. Good practice advocates that solutions should be in place across the full threat lifecycle. For example, the NIST framework recommends that organisations identify their threats and vulnerabilities; protect against them with security tools and operations; detect threats as they target the enterprise; respond to contain and remediate an incident as it occurs; and recover by taking lessons learned from incidents and improving ‘business as usual’ appropriately.

But, leaving an end-to-end approach to threat lifecycle management to one side, having both cyber insurance and an incident response retainer working seamlessly together will at least provide organisations with a fighting chance of continuing their core business functions if and when disaster strikes.


Making cybersecurity a joint enterprise

There are worrying trends emerging in the cybersecurity market. While attacks are becoming more sophisticated and ransoms are rising, there are concerns that there might not be enough money in the still-emerging sector to cover everyone’s needs. So, what can companies do? They should still invest in insurance coverage, but they also need to look for other ways to cover their potential exposure, including CSIRT rapid response teams.

It cannot remain a budgetary decision for a CTO and a CFO to fight over whether to firefight or to recoup what has been lost in cyberattacks. Both are important. An incident response team is the first port of call to help respond to any cyber accident or incident. Then and only then, once the breaches have been made safe, should you call in the moneymen.
