CEO Fraud via Messenger: Learn How to Protect Your Company


Phishing: Cases of Fraud Are Steadily Rising

In regard to electronic communication, “phishing” describes an attempt to defraud where the fraudster tries to mislead and manipulate its victim by telephone, email, or another communication channel. The goal is to persuade them to hand over confidential information (such as login credentials or credit card numbers), download attachments containing malware, or carry out financial transactions.

As a 2020 study (in German) by Bitkom confirms, phishing is a major problem for companies around the globe. According to this study, phishing attacks had caused financial damage in one out of four German companies in the previous year, an increase of 8% over two years.

In the report “State of the Phish”, published in 2021 by the cybersecurity and compliance company Proofpoint, more than 75% of the interviewed security specialists indicated that their company was confronted with phishing attacks in 2020. The report included companies from Germany, Britain, Spain, France, the USA, Australia, and Japan.

CEO Fraud: Cybercriminals Purporting to be Chief Executives

CEO fraud, also known as “Business Email Compromise” (BEC) or “fake president fraud,” is a special kind of phishing where the attacker tries to impersonate a company’s director or a high-level employee. Through the means of deceptive emails, the attacker urges the employee to transfer money to an external bank account as quickly as possible or to divulge sensitive company data.

Social Media, a Data “Treasure Trove”

To carry out a CEO fraud, criminals often make use of information companies share in business reports and on their websites. However, the most valuable sources of information are social networks. In many cases, details about an employee’s identity and position are publicly accessible on sites like LinkedIn.

Phishing via WhatsApp

Lately, phishing via WhatsApp has been growing fast in popularity. In a case outlined by the Swiss National Cyber Security Centre (NCSC) about fraudulent WhatsApp messages, fraudsters created a fake profile and pretended to be the company director. Another case was reported where fraudsters used an audio deepfake imitating the voice of a chairperson to blackmail employees of a company.

One reason for the growing number of phishing cases via messenger is the fact that improvements in cyber defense are making it hard for hackers to access a company’s internal systems. A welcome alternative, therefore, is the manipulation of employees, also known as “social engineering.” As a result, it is particularly important to watch out for fraudulent WhatsApp messages.

How to Recognize CEO Fraud via Messenger

To most people, fraudulent messages can be hard to recognize. However, the following characteristics should set the alarm bells ringing for employees:

  • Sender: It can be considered a sign of CEO fraud when the sender has never made a similar request before.
  • Writing style and language: Phishing messages are often created by translation apps or non-native speakers. Unusual expressions or misspellings generally call for caution.
  • Time pressure: Is there any time pressure because the company’s success is said to depend on the requested transaction?
  • Request for confidentiality: When the sender demands total confidentiality regarding the activity to be performed, it may also be an indication of CEO fraud.

How Threema Work Makes CEO Fraud Almost Impossible

Based on the growing number of fraudulent WhatsApp messages, companies should make it a priority to ensure secure internal communication.

Implementing a secure chat service is a crucial step for preventing phishing via messenger. With Threema Work, this type of scam is almost impossible.

Central Security Feature: Verification Levels

One of Threema Work’s features that help reduce scams is the set of three verification levels, which appear as three colored dots next to a contact. The dots help prevent man-in-the-middle attacks and provide certainty regarding the identity of a contact.

While email addresses are easy to fake, Threema Work’s highest verification level indicates that there’s no doubt about the contact’s identity and that the communication isn’t being intercepted by third parties.

Threema Work uses the following verification levels for contacts:

  • Level 1 (red): The contact is unknown. There’s no email address or telephone number connected to their ID, or no matching contact was found in your address book. It isn’t certain whether this person really is who they claim to be.
  • Level 2 (blue): This verification level indicates that the Threema ID belongs to an internal company contact. External parties cannot acquire this verification level.
  • Level 3 (blue): This verification level indicates that the Threema ID belongs to an internal contact whose ID and public key you have verified by scanning their QR code. The identity of this conversation partner is unquestionable.

Closed User Groups: Full Control of Internal Communication

With Threema Work, it is possible to restrict communication to internal company contacts. This setting allows users of a subscription to communicate exclusively with each other and, if needed, with contacts that were added manually in the management cockpit. Any possibility for external parties to access the closed user group is ruled out, and communicating this way renders any kind of CEO fraud impossible from the outset.

Raising Employee Awareness of CEO Fraud

A study (in German) by the Swiss Academy of Engineering Sciences (SATW) confirms that employers urgently need to inform their workforce about CEO fraud and other forms of cyberattacks.

No less than 35% of the companies interviewed indicated that they carry out little or no regular training to increase cybersecurity. Even during the Covid-19 lockdown periods, when working from home became mandatory, just 8% of the Swiss SMEs offered training programs to their employees.

Furthermore, employees should be made aware that they should only contact each other via Threema Work or in person in critical cases. After all, it’s impossible to prevent CEO fraud via communication channels such as email.

Before carrying out financial transactions or disclosing company data, employees should also be obliged to contact the management – either in person or via Threema Work – and ask about the trustworthiness of the request.

Responsible Handling of Private Information

As mentioned before, social networks offer an ideal source of information to tailor phishing emails to the potential victims.

An adequate preventive measure against CEO fraud, therefore, is to control any professional information that is shared on Facebook, Instagram, Xing, or LinkedIn. This includes details about the employer, the last business trip, and the specific department membership.

Prevent CEO Fraud – Try Threema Work

To effectively protect a company against CEO fraud and the associated financial loss, it is paramount to raise employee awareness and to introduce a communication channel that provides information about the identity and company affiliation of a contact. This helps to prevent social engineering attacks and any unintentional disclosure of internal information to external parties.