ANATOMY OF THE CEO FRAUD ATTACK
The Motivation
Attackers target and impersonate CEOs, who have the authority to instruct staff to take action.
The Beginning
Attackers look for a spoofable domain tied to a high-level executive such as the CEO, CTO or CFO. In most cases, they conduct months of research on the company to be able to make the malicious email seem legitimate.
The Trap
The seemingly genuine email is sent to employees who are responsible for making payments or have access to sensitive information that the attacker needs.
The Response
Without verifying or questioning the legitimacy of the email, the unsuspecting employees immediately act upon it.
The Damage
Once the attack is successful, the attackers get what they want, be it money or data. Fraudulent transactions and unauthorized data access lead to massive loss of money and more targeted data breaches.
The Result
• Massive loss of money
• Tarnished brand reputation
• Valuable customer trust is lost
• CEO is fired
• The employee who acted on the phishing email is fired
• Money and data lost are almost never recovered
Stay Aware, Stay Safe #EmailAuth
https://emailauth.io/