The CEO phishing scam is when an employee gets a fake email from their CEO, asking them for something "urgent," something that normally would require a more complicated procedure like transferring funds or giving access to information.
This scam has been going around for a long time, so what makes it more dangerous now?
Clean up your browser and prevent future scams
The fact that the majority of businesses have switched to remote working amid COIVD-19 has created a new set of cybersecurity risks. Mostly the same computer is used for both personal and work needs, and the amount of time spent on the computer is much higher. Each employee is working from a home environment, something that is much harder to manage from a Cybersecurity aspect as opposed to having everyone on the same network in the same space.
When working in the office, it would be more likely that the CEO would ask directly for the so-called favor, call, or come talk in person. While working remotely, we're getting used to our entire communication being ready & type. So an email from the CEO suddenly doesn't seem so odd, as they can't knock on the door and ask for it in person.
How does it work?
Hackers can target any business, big or small. All they need is the name of the CEO and to start sending emails to firstname.lastname@example.org. They can even look for specific titles on LinkedIn, Facebook, and get more information about the employees.
Timing is everything
Hackers are smart. They will send this email late at night, early in the morning, when using the "urgent" card makes more sense. This should be the first red flag when getting such an email.
How to avoid falling for the CEO phishing scam
- Always, always, check the sender's email. Not their name, their email. Anyone can change the name that appears when they send an email, but an email address is much harder to obtain.
- Be Alert: Does your CEO regularly contact you via email? Before rushing to answer and wanting to solve, take a minute, think if this makes sense at all.
- Double-check: Even you think this email is from your CEO, double-check with the CEO themselves to make sure it's safe, and they will appreciate your awareness.
- Keep your staff and co-workers educated on Cyber Security, especially during these times. Coronavirus has tripled cybercrime reports by three times.
- Urge everyone to use browser protection. Browsing with a protection tool can help prevent many scams and malware from reaching your browser.