Introduction:

Information Security regularly sees a type of VIP impersonation email phishing attack known as Business Email Compromise (BEC) or CEO Fraud. In CEO Fraud, cybercriminals impersonate executives or colleagues, either by spoofing a company email address or by sending from an outside account whose display name matches the executive's. They then try to deceive an employee into executing unauthorized wire transfers, sending out confidential tax information, or purchasing gift cards.

Steps of a CEO Fraud (BEC) attack: 

  1. The attacker creates an outside email account whose display name is the full name of the executive they want to impersonate. Mail clients show the display name prominently, so messages from this account appear to come from the executive even though the underlying address is not @WPI.EDU.
  2. The attacker sends a short email to the victims. These first messages are brief and are only meant to begin a correspondence. Recent examples have subjects such as "Office", "Follow up", or "Available", and a body that says nothing more than "Are you available?".
  3. Once a victim replies, the attacker explains what they need, why they cannot do it themselves, and why the victim should not call them. Typical excuses are "I am in a meeting", "I am too busy", or "I am away on vacation".

These attacks are not technical; they rely on social engineering and prey on the recipient's helpfulness and desire to respond quickly. Unlike traditional phishing, the messages used in CEO Fraud are rarely caught by spam filters: they are targeted at a few people rather than mass emailed, and the opening message contains no link or attachment for a filter to trigger on.

What you can do to protect against CEO Fraud (BEC):

  1. Look for [EXT] in the Subject: of the email. If [EXT] is present, the message was NOT sent from a @WPI.EDU user, regardless of the name shown in the From: line.
  2. Check the From: address of the email, not just the displayed name (on a phone, tap the name to reveal the address). If a message claims to come from a WPI executive or colleague but the address is not @WPI.EDU, it is an impersonation.
  3. Create an official department directory of email addresses and cell phone numbers, personally verified by each person on the list. Official lines of communication are important.
  4. Investigate unusual email requests. If the email seems out of character for your executive or colleague, contact them by another means (never by replying to the suspicious email) using the contact information in your official department directory. If you do not have their contact information, reach out to someone who does.
  5. Forward CEO Fraud emails to phishing@wpi.edu and discuss them with your colleagues. CEO Fraud emails are targeted attacks on specific groups of people, and talking about them helps raise awareness for everyone.
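The checks in items 1 and 2 above, together with the display-name trick from step 1 of the attack, can be applied mechanically to message headers. The following is an added example, not WPI's own tooling: it parses raw messages with Python's standard `email` package, flags the [EXT] tag and non-@wpi.edu senders, and compares the From: display name against a department directory (item 3) so that "Jane Doe <someone@example.com>" is caught even when the display name is hidden behind RFC 2047 encoding. The directory entries, addresses and sample messages are constructed for illustration.

```python
"""Display-name impersonation check for the CEO Fraud pattern described above.

Added example (not WPI's own tooling). Applies checks 1 and 2 from the list
above to raw message headers and adds the signal behind attack step 1: a
From: display name that matches someone in the department directory while
the actual mailbox is outside wpi.edu. Directory entries, addresses and
messages below are constructed for illustration.
"""
import re
from email import message_from_string
from email.policy import default as DEFAULT_POLICY

INTERNAL_DOMAIN = "wpi.edu"
EXT_TAG = "[EXT]"

# Hypothetical department directory: executive name -> verified address.
DIRECTORY = {
    "Jane Doe": "jdoe@wpi.edu",
    "John Smith": "jsmith@wpi.edu",
}


def _name_tokens(name):
    """Lower-case word tokens, so 'Doe, Jane' and 'Dr. Jane Doe' match 'Jane Doe'."""
    return set(re.findall(r"[a-z]+", name.lower()))


def lookup_executive(display_name):
    """Return (name, verified address) for the directory entry whose name is
    contained in display_name, or None if no executive name appears."""
    shown = _name_tokens(display_name)
    for name, address in DIRECTORY.items():
        wanted = _name_tokens(name)
        if wanted and wanted <= shown:
            return name, address
    return None


def analyze(raw_message):
    """Return a list of findings for one raw message; empty means nothing suspicious."""
    # policy.default decodes RFC 2047 encoded words, so a display name hidden
    # as =?utf-8?b?...?= is compared as plain text.
    msg = message_from_string(raw_message, policy=DEFAULT_POLICY)
    findings = []

    subject = str(msg.get("Subject", ""))
    if EXT_TAG in subject:                                    # check 1
        findings.append("subject carries [EXT]: message did not come from a @wpi.edu user")

    from_header = msg.get("From")
    if from_header is None or not from_header.addresses:
        findings.append("missing or unparsable From: header")
        return findings
    sender = from_header.addresses[0]
    address = sender.addr_spec.lower()
    domain = sender.domain.lower()

    if domain != INTERNAL_DOMAIN:                              # check 2
        findings.append(f"From: address {address} is outside @{INTERNAL_DOMAIN}")

    # Attack step 1: the display name is the executive's, the mailbox is not.
    match = lookup_executive(sender.display_name)
    if match is not None and address != match[1].lower():
        findings.append(
            f"display name matches {match[0]} ({match[1]}) but mail is from {address}"
        )
    return findings


# Constructed sample messages (headers plus a one-line body).
SAMPLES = {
    "genuine": (
        "From: Jane Doe <jdoe@wpi.edu>\n"
        "Subject: Budget meeting\n"
        "\n"
        "See you at 2.\n"
    ),
    "lookalike": (
        "From: Jane Doe <jane.doe.wpi@example.com>\n"
        "Subject: [EXT] Available\n"
        "\n"
        "Are you available?\n"
    ),
    # Display name "Jane Doe" base64-encoded as an RFC 2047 encoded word.
    "encoded_name": (
        "From: =?utf-8?b?SmFuZSBEb2U=?= <office.desk@example.net>\n"
        "Subject: Follow up\n"
        "\n"
        "I am in a meeting and cannot take calls. I need a favor.\n"
    ),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", analyze(raw) or ["no findings"])
```

The domain comparison is deliberately exact: mail from a subdomain or from a lookalike such as wpi-edu.example.com is reported as external, which is the conservative choice for a human-review queue. A rule like this belongs in the mail gateway or a mailbox filter, not on the user's desk; the items above remain the checks a recipient can do by eye.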

VIP Impersonation Warning 


Additional Resources from the FBI: