Research, social engineering and automatic scanning are just some of the weapons that scammers use to infiltrate businesses and impersonate the boss. Once the scammers have penetrated the company, they can hide for months, waiting for the perfect opportunity to launch an attack.
A great deal of careful planning and patience lies behind the thousands of CEO fraud attempts targeted at top Danish executives each year. Typically, the fraudsters send a fake emergency mail to the finance department, purporting to come from an executive who is away from the office. This mail instructs the employees to transfer a large amount of money quickly, confidentially and without questioning the transaction.
Prior to the actual fake mail, a great deal of groundwork has typically already taken place. The fraudsters will have methodically investigated the company, identified key persons and gained access to internal systems such as e-mail servers and calendars. The incidence of CEO fraud is on the rise, and studies and experience from the NNIT Cyber Defense Center show that these cybercriminals are becoming more and more sophisticated.
Nowadays, the criminals behind CEO fraud have an advanced range of tools that can automatically scan for vulnerabilities and exploit passwords and login information. They are also clever at reading and imitating internal communication, so that the language and phrasing match the emails that the victims themselves send. They are becoming so good that our surveillance activities never stop.