Combating ‘CEO’ Fraud Scams

Peter Yapp 28 Oct 2020

Business Email Compromise (BEC), Email Account Compromise (EAC) or Authorized Push Payment (APP) scams (sometimes also known as “CEO fraud”) are the scourge of boardrooms around the world. If there was ever a type of fraud to engender angst, this is it. While ransomware has taken all the column inches in the press, BEC/EAC and APP scams have netted the most money for cyber criminals, and the figure is rising year on year. In the UK alone, the value of APP frauds has risen from £354m in 2018 (over 84,000 cases) to £413m (over 108,000 cases) for the rolling year ending June 2019 (figures from UK Finance).

In September 2019, the FBI, based upon victim notifications between June 2016 and July 2019, reported the value of domestic and international incidents as $26bn (over 166,000 cases). AIG released their own statistics in July 2019 showing that in 2018, BEC accounted for 23% of cyber insurance claims received from Europe, the Middle East and Asia. Ransomware stood at 18%.

In simple terms, an example of a BEC is when you receive a spoofed email asking you to urgently pay money to a new bank account.

There are two main ways that the fraudsters get a foothold in your system: brute-force password attacks (often helped by previous breaches, reported at https://haveibeenpwned.com) and phishing attacks that entice the user to disclose their username and password.

Schillings recommends the following to avoid falling victim to a BEC/EAC or APP scam:

  • Use two-factor or multi-level authentication for your main personal / critical business email accounts
  • Be suspicious of any emails requesting fast actions, especially if not following your normal procedures
  • Make a phone call to check changes of bank account
  • Monitor bank accounts on a regular basis for irregularities e.g. missing deposits
  • Verify the email address used to send emails, especially when using a mobile device, ensuring the sender's email address matches who it is coming from
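
The sender check in the last recommendation can be partly automated at the mail gateway or in a triage script. The Python sketch below is an added example, not something from Schillings or the original article; the trusted domain, the sample message and the edit-distance threshold of 2 are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organisation really sends from (constructed value).
TRUSTED_DOMAINS = {"example-corp.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(address):
    return address.rpartition("@")[2].strip().lower()

def sender_warnings(raw_message):
    """Return the reasons the sender of a raw email message looks suspicious."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    warnings = []
    # Mobile clients often show only the display name, so an address placed
    # there can hide the real sending address.
    if "@" in display and domain_of(display) != domain:
        warnings.append("display name shows a different address than the real sender")
    # A domain one or two characters away from a trusted one is a lookalike.
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                warnings.append(f"{domain} is a lookalike of {trusted}")
    # Replies silently diverted to another domain are a common BEC trait.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        warnings.append("replies go to a different domain than the sender")
    return warnings

# Constructed sample message: digit "1" in place of the letter "l".
SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: jane.doe@mail-box.example
Subject: Urgent: new bank details

Please pay today's invoice to the new account.
"""

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```

A clean result only means the headers are consistent with each other; a request to change bank details still needs the phone call recommended above.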