Email Spoofing CEO / Wire Transfer Fraud

The Evolution of Email Fraud

Email fraud and email spoofing have become increasingly sophisticated over the past few years, to the point where fraudulent emails get past traditional spam filters and reach unsuspecting employees' inboxes. To the employees, these emails appear to come from their superior, or from the owner or CEO of the company, and make simple requests. Document-request emails are known to ask for employee forms from HR such as W-2s or 1099s. Employees have fallen for these scams with disastrous results: once employees' Social Security numbers, addresses, and wage information are sent, the damage is done.

TechTarget has a great definition of email spoofing: “Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.”

These emails are designed to make it through traditional filters by using forged email headers. Think of writing a hot check: the accepting party is unaware the check is fraudulent and accepts it in good faith. The situation here is similar.

What makes these fraudulent emails even more dangerous is that if you reply to them, you will receive a reply with further instructions. Replying to the document request email will prompt a reply from the fraudulent sender with a bogus link to download the ‘files’. Or, the email may contain a ZIP container with malicious content.

Things to look for:

  • Check the reply email address; sometimes it will be different from the assumed sender’s actual email address
  • Check for incorrect grammar, spelling, and punctuation
  • If a link is provided, hover over the link (without clicking) to show the URL the link is being directed to
  • Check for a proper email signature

Not all of these items will apply in each situation, but noticing even one could make the difference between sending items to, or downloading items from, a legitimate source and a fraudulent one.
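The header and link checks from the list above can also be automated. The following is an added example, not part of the original article: it flags an executive's display name on an outside address, a differing Reply-To, and link text that shows one host while the link points to another. The domain `example.com`, the `EXECUTIVES` set, the function names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
ORG_DOMAIN = "example.com"   # assumption: the company's real mail domain
EXECUTIVES = {"your ceo"}    # assumption: display names worth protecting

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review(raw):
    """Return warning flags for one raw single-part message."""
    msg, flags = message_from_string(raw), []
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # An executive's name on an address outside the company domain.
    if name.lower() in EXECUTIVES and not sender.lower().endswith("@" + ORG_DOMAIN):
        flags.append("exec-name-external-address")
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to.lower() != sender.lower():
        flags.append("reply-to-differs")
    # The "hover" check: text shows one host while href points to another.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != (urlparse(href).hostname or ""):
            flags.append("link-text-mismatch")
    return flags

SAMPLE = (  # constructed message for illustration, not real mail
    "From: Your CEO <ceo.office@mail.example.net>\n"
    "Reply-To: payments@mail.example.org\n"
    "Content-Type: text/html\n\n"
    '<p><a href="http://files.example.org/x">https://portal.example.com/docs</a></p>'
)
```

A flag is a reason to verify by phone, not proof of fraud; link text that merely looks like a host name (for example a file name) can trigger a false positive.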

For these suspect emails, especially the wire transfer requests, it is best to implement a policy to pick up the phone and call the person requesting the information. This is the best way to verify whether the request is legitimate. These emails can even appear to come from clients, with file-sharing links to bogus sites that infect the user’s computer systems.

Two common email spoofing scams are the document sending/request and wire transfer fraud. Below are two examples of what those emails look like:

Example 1. Document Send/Request Fraud

———————————————————————————————-
From: Your CEO [notyourCEOemail@comcast.net]
Sent: February 1, 2018 12:00 PM
Subject: [No Subject]

Did you get the document I sent you?

Thanks,

Your CEO

———————————————————————————————-

Example 2. Wire Transfer Fraud

———————————————————————————————-
From: Your CEO [notyourCEOemail@comcast.net]
Sent: February 1, 2018 12:00 PM
Subject: Wire Transfer

I need you to transfer me $20,000.

Thanks,

Your CEO

———————————————————————————————-

How to protect your company?

These types of emails are notorious for making it through traditional spam filters. They are so difficult to block because they are sent in a way that makes them appear to come from a reputable source. The filters cannot block the CEO from sending emails, even though the CEO's email address or name has been spoofed. One of the best lines of defense is educating yourself and your staff on what to do when such a spoofed email is received. Show them the items to look for, such as checking the reply email address and checking any links in the email by hovering over, but not clicking, the links.

The motto I pass along is from KnowBe4, a security awareness training company: “Think Before You Click!” If you are not expecting such an email from a C-level executive or client with a request for documents or a money transfer, check with them first before taking any action. This can make the biggest difference between doing something you are requested to do versus doing something you are not supposed to do. It is better to ask for too much information than not enough in these circumstances.

Employee training programs are becoming more popular these days and provide training videos and documentation on what to look out for and additional measures to take to protect yourself and your company in case such an event occurs.

Conclusion

Always use your best judgment when dealing with these types of emails. If you receive an email that is requesting documents or a wire transfer and you were not expecting such an email, the best thing to do is to contact the sender directly via phone or in person to verify the request. Do not reply to these emails, as you will receive some type of reply with further instructions.

Having traditional anti-virus, anti-spam and anti-malware software will protect you to a certain degree. They will block any intrusions into your computer or systems unless allowed, and they will block the user from clicking on bogus URLs and being directed to malicious sites. Of course, there is the human element in play here: these tools will not stop an employee from sending files directly in response to a fraudulent request. Employees must be trained on what to look out for in case of such an incident.

Implement policies within your business to plan for such an occurrence. Make sure employees know to ask for further clarification before sending or requesting additional information or documentation which could compromise the business. If a proper process is implemented, a business can look back to the policy itself to make sure it was followed properly by its staff. Employee training will go a long way toward preventing such an incident from happening in the first place.

If you have any questions about what Custom Information Services can do for your business, contact us today.