CEO Fraud is a type of spear-phishing email attack in which the attacker impersonates your CEO. Typically, the attacker aims to trick you into transferring money to a bank account owned by the attacker, to send confidential HR information, or to reveal other sensitive information. The fake email usually describes a very urgent situation to minimize scrutiny and skepticism.
There are two common ways in which a CEO fraud email is launched. The first is name spoofing, in which the attacker uses the name of your CEO but a different email address. Sometimes (but not always) the email address the attacker uses is similar to the company's domain with a few different letters (e.g., acrne.com instead of acme.com). With name spoofing, the attacker is hoping that the recipient will not notice the incorrect sender address, and will rush to respond. Many email clients, especially mobile email clients, do not display the sender address by default, which can make it hard to spot this attack.
The second form is name and email spoofing, where the attacker uses both the CEO’s name and the CEO’s real email address in the From header. In this form of the attack, the attacker typically sets a Reply-To address that is different from the sender address, so that your response to the email goes to the attacker rather than to the CEO.
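The two forms above can be flagged from the message headers alone: an executive's display name paired with an address that is not that executive's (form one, including a lookalike domain such as acrne.com), or the company's own domain in From with a Reply-To that points elsewhere (form two). The following is an added example of such a mail-gateway check, not Barracuda's code; the company domain, the executive list, and the three sample messages are constructed for illustration.

```python
# Added example (not Barracuda Sentinel's code): header heuristics for the two
# CEO-fraud forms. COMPANY_DOMAIN, EXECUTIVES and the sample messages are
# constructed values for illustration only.
import difflib
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "acme.com"                      # assumption: our own domain
EXECUTIVES = {"jane doe": "jane.doe@acme.com"}  # assumption: display name -> real address


def looks_like(domain: str, ours: str, threshold: float = 0.8) -> bool:
    """True when domain is a near-match for ours (e.g. acrne.com vs acme.com)."""
    return domain != ours and difflib.SequenceMatcher(None, domain, ours).ratio() >= threshold


def check_headers(raw: str) -> list[str]:
    """Return the CEO-fraud indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    key = name.strip().lower()
    from_dom = addr.rpartition("@")[2].lower()
    reply_dom = reply.rpartition("@")[2].lower()
    findings = []
    # Form 1: an executive's display name on an address that is not theirs.
    if key in EXECUTIVES and addr.lower() != EXECUTIVES[key]:
        findings.append("name-spoofing")
        if looks_like(from_dom, COMPANY_DOMAIN):
            findings.append("lookalike-domain")
    # Form 2: our own domain in From, but replies steered to another domain.
    if from_dom == COMPANY_DOMAIN and reply_dom and reply_dom != COMPANY_DOMAIN:
        findings.append("reply-to-mismatch")
    return findings


# Constructed sample messages: one per attack form, plus a benign one.
NAME_SPOOF = "From: Jane Doe <jane.doe@acrne.com>\nSubject: Urgent wire\n\nPlease wire today.\n"
REPLY_SPOOF = ("From: Jane Doe <jane.doe@acme.com>\nReply-To: jane@mail-example.net\n"
               "Subject: W-2s\n\nSend me all W-2s.\n")
LEGIT = "From: Jane Doe <jane.doe@acme.com>\nSubject: Lunch\n\nSee you at noon.\n"

if __name__ == "__main__":
    for label, raw in [("name_spoof", NAME_SPOOF), ("reply_spoof", REPLY_SPOOF), ("legit", LEGIT)]:
        print(label, check_headers(raw))
```

A Reply-To outside the company domain also occurs legitimately (ticketing and newsletter systems), so treat these findings as triggers for quarantine-and-review rather than proof of fraud; form two is ultimately stopped at the gateway by DMARC rather than by header heuristics.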
CEO fraud is a particularly dangerous form of attack because the impersonator relies on the authority of the CEO to obtain extremely sensitive information or even acquire cash. The presence of the CEO as the sender guarantees that the malicious email gets the attention of employees. Many employees are reluctant to question a request from their CEO and will fall into the trap of responding to the email.
Barracuda Sentinel is a comprehensive service that combines artificial intelligence (AI), advanced domain-spoofing detection, and automated user training to prevent CEO fraud attacks. Sentinel provides three levels of protection that include a combination of innovative technology and user training.
Artificial Intelligence (AI) Engine Scans Emails
Sentinel’s AI module is able to spot CEO fraud and other spear-phishing attempts. It learns your organization’s specific communication patterns, and can detect anomalies based on factors that escape the notice of human users. Over time, the AI gets better at spotting CEO fraud attempts, and can automatically quarantine and flag any email that it labels as suspicious.
DMARC Prevents Domain Spoofing
Sentinel also uses Domain-based Message Authentication, Reporting & Conformance (DMARC). This can help prevent domain spoofing (the second form of CEO fraud) by automatically blocking emails that claim to come from a particular domain but were not sent by a mail system that domain has authorized.
Automated User Training
Finally, Sentinel includes a user-training module that periodically sends simulated CEO fraud emails to users within your organization. Users who attempt to respond to the simulated attacks are alerted to the fact that they were fooled, and receive additional educational materials to help them learn to spot such attacks in the future.
Learn More about Barracuda Sentinel and sign up for a free trial.