- 30 October 2015
- Posted by: Danielle Donaldson
- Categories: Cyber Security, News
CEO Email Scams
Please be aware of a new trend in email fraud which the media have now dubbed “whaling”, but which is also known as “spear phishing”. Several of Cubit’s customers have been targeted with these fraudulent emails recently, and they can be very convincing.
Here are some tips for spotting them more easily and some general advice which should help you to avoid falling foul of similar scams in the future.
What do they look like?
The emails usually seem to come from a senior member of staff, typically the MD or CEO, and are often sent to the FD or others in the finance team who may be able to authorise or make payments.
From: Joe Bloggs email@example.com
Date: 26 October 2015 08:41:37 GMT
Subject: Payment 26/10/2015
How are you today? I need you to process a Chaps payment swiftly, let me know what details would be needed to get it done as soon as possible.
Kind regards, Joe Bloggs
How are these email scams possible?
Although the email seems to be from the real MD, it is actually from an entirely different mail account. Unfortunately, it is very easy to change or “spoof” the from address on an email so that it appears to be from someone else. It is this inherent insecurity that makes this scam possible without the attacker needing to hack into the victim’s email system.
How to spot an email scam
In order for this fraud to work the scammer is relying on getting a reply and exchanging several emails with the victim. So if you were to click reply on a fraudulent message, you would notice that the “reply to” address is not the MD’s address. You can also reveal the reply to address by forwarding the message to yourself at which point it will appear in the thread. Normally it will be a free email account such as Gmail or Hotmail, but sometimes the fraudster will go as far as registering a domain name similar to your company’s to make it look more authentic.
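The reply-to check described above can be automated for a saved message. This is an added example, not part of the original post; the company domain `example.com`, the free-mail list, the similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): your real domain and a short free-mail list.
COMPANY_DOMAIN = "example.com"
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
LOOKALIKE_THRESHOLD = 0.8  # similarity ratio at or above which a domain is a lookalike

def addr_of(header_value):
    """Extract the bare, lower-cased address from a From/Reply-To header."""
    return parseaddr(header_value or "")[1].lower()

def check_message(raw):
    """Return warning codes for one raw message, based on where a reply would go."""
    msg = message_from_string(raw)
    sender = addr_of(msg["From"])
    reply_to = addr_of(msg["Reply-To"])
    target_domain = (reply_to or sender).rpartition("@")[2]
    warnings = []
    if reply_to and reply_to != sender:
        warnings.append("reply-to-mismatch")
    if target_domain in FREE_MAIL:
        warnings.append("free-mail-domain")
    elif target_domain != COMPANY_DOMAIN:
        ratio = SequenceMatcher(None, target_domain, COMPANY_DOMAIN).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            warnings.append("lookalike-domain")
    return warnings

# Constructed sample messages; only the headers matter for the check.
SPOOFED = (
    "From: Joe Bloggs <joe.bloggs@example.com>\n"
    "Reply-To: Joe Bloggs <joe.bloggs.md@gmail.com>\n"
    "Subject: Payment 26/10/2015\n\n"
    "I need you to process a Chaps payment swiftly.\n"
)
LOOKALIKE = SPOOFED.replace("joe.bloggs.md@gmail.com", "joe.bloggs@examp1e.com")
GENUINE = "From: Joe Bloggs <joe.bloggs@example.com>\nSubject: Lunch\n\nSee you at 1.\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(name, check_message(raw))
```

A clean result only means none of these three signs were found; payment requests should still be confirmed by another channel.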
What to do if your Email is not secure
Any email asking for bank details or the transfer of funds should be confirmed with the other party in person or by some other means of communication. If you do receive a suspicious email, please send it to us for further analysis. Never open attachments or click links in an email unless you’re absolutely certain of its origin.
Who are the targets of email scams?
Businesses large and small are being targeted by these frauds, including technology companies, with some losing tens of millions, as reported here by the BBC.
If you’re concerned that you may have been a victim of an email scam, contact Cubit Technology to find out more.