Is Your CEO a Fraud? Business Email Compromise and What to Do About It

Chances are your CEO isn’t a fraud. But the email in your inbox that looks like it is from your CEO really might be.

The FBI calls this cyber threat “business email compromise.” Others call it “CEO fraud.” A single incident can cost a small company tens of thousands of dollars. As cyber security experts, we see more of it every day. The worst part is that your company’s computer security can be the best there is and you can still fall prey to this threat. This effective, lucrative scam requires no vulnerabilities in your computer network and no technical capabilities on the part of the criminal.

Business Email Compromise Explained

The most frequent fraud we are seeing right now is an email that looks like it is from the CEO to the CFO or controller of the company requesting a money wire. The request can be for large amounts like $12,000, $38,000, $75,000 or more. 

Often, the email will say it is for a highly confidential acquisition or for equipment that is needed for a rush job. The cybercriminals behind the email will do research. They are often able to find out the industry and organizational structure of the company in order to email the appropriate person a very believable story.

Another popular tactic is for a criminal to send an email pretending to be from an existing vendor, stating that the vendor has changed banks. The scam email contains new wiring instructions that go to the criminal’s bank account. Seriously, this scam cost one company nearly $40 million.

Business Email Compromise Tips

Unfortunately, there aren’t too many technical solutions that can sniff out this kind of threat. The best protection is education and awareness. Just by reading this blog post you are arming yourself. But trying to get everyone to read, understand and be on the lookout for this scam is tough, so we have a few more suggestions:

  1. Configure your email system to flag inbound email that claims to be from your domain but isn’t. A message that uses your domain but is sent from outside your organization is classified as “spoofed” to alert your users to be suspicious. (If you are an Intrust IT full-service client on Office 365, this has already been done for you.)
  2. Conduct cyber security training for your employees. (If you are an Intrust IT full-service client, we have free training we will conduct for you, just let your account manager know.)
  3. Set up regular “phish testing” of your employees. This is where you send your employees phishing emails. If anyone clicks a link on a phishing test email, that employee is then auto-enrolled in online security training. (Intrust IT offers this service as well.)
  4. Make sure you have secure communications channels other than email. Instant messaging like Skype for Business, an intranet like SharePoint, or a corporate social network like Yammer allows employees to verify emails outside of email. If you use Office 365 you probably already have rights to all three of these. Intrust can get them set up and show you how to use them.
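To make suggestion 1 concrete, here is an added example (not Intrust IT's configuration and not an Office 365 mail rule) of the check such a rule performs, written as a small Python filter. It assumes the organization's domain is `example.com`, that the inbound gateway stamps an `Authentication-Results` header under the id `mx.example.com`, and it uses that gateway's DMARC verdict as a stand-in for "sent from inside"; it also goes one step beyond the text by flagging an executive's display name on an outside address.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"            # assumption: your mail domain
TRUSTED_AUTHSERV = "mx.example.com"   # assumption: your inbound gateway's authserv-id
EXECUTIVES = {"pat example"}          # assumption: display names to protect (lowercase)
TAG = "[SPOOFED?] "

def auth_passed(msg):
    """True only if OUR gateway recorded a DMARC pass for ORG_DOMAIN."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip().lower() for p in value.split(";")]
        if parts[0] != TRUSTED_AUTHSERV:
            continue  # header stamped elsewhere; a sender can forge it
        for p in parts[1:]:
            if p.startswith("dmarc=pass") and f"header.from={ORG_DOMAIN}" in p.split():
                return True
    return False

def classify(raw):
    """Return 'ok', 'spoofed-domain' or 'display-name-impersonation'."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        return "ok" if auth_passed(msg) else "spoofed-domain"
    if display.strip().lower() in EXECUTIVES:
        return "display-name-impersonation"
    return "ok"

def tagged_subject(raw):
    """Subject line as the user would see it after tagging."""
    subject = message_from_string(raw).get("Subject", "")
    return subject if classify(raw) == "ok" else TAG + subject

def sample(from_hdr, auth_results, subject="Wire needed today"):
    """Build a constructed test message (not real mail)."""
    auth = "".join(f"Authentication-Results: {a}\n" for a in auth_results)
    return f"From: {from_hdr}\n{auth}Subject: {subject}\n\nConstructed body.\n"

if __name__ == "__main__":
    ours_pass = "mx.example.com; dmarc=pass header.from=example.com"
    ours_fail = "mx.example.com; dmarc=fail header.from=example.com"
    forged = "mail.sender.invalid; dmarc=pass header.from=example.com"
    for m in (sample("Pat Example <pat@example.com>", [ours_pass]),
              sample("Pat Example <pat@example.com>", [forged, ours_fail]),
              sample('"Pat Example" <pat@freemail.invalid>', [])):
        print(classify(m), "|", tagged_subject(m))
```

The second sample shows why only the gateway's own `Authentication-Results` header counts: a "pass" line that arrived with the message is ignored, so the message is still tagged.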

For more information on how you can use mail rules in Office 365 to tag and alert you to emails with spoofed senders, continue reading here.

Tim Rettig

Tim Rettig, Intrust IT founder and serial entrepreneur, is a tech expert, educator and tireless advocate for employee ownership. His strategic work to build partnerships with clients has made Intrust into one of the fastest growing IT companies—scoring a spot on Inc. 5000’s list of Fastest Growing Private Companies for a total of four years.
