What is CEO Fraud Phishing? Why Executives Are at Increased Risk

Written by Emily Jones on September 12, 2022

You’ve heard the age-old adage, “With great power comes great responsibility,” but with advancements in AI (artificial intelligence), extended reality, greater computing power and smarter devices, you might want to change this phrase to, “With great technology, comes great power and responsibility.”

In the not-so-distant future, you may see a type of CEO fraud phishing that takes your perception of phishing to a whole new level where scammers could manipulate victims in a way that makes them question their own reality.

Picture this: you’re a C-suite leader going about your day when someone thanks you for being on a video call. You know they must be mistaken because you haven’t been on any calls, but the employee produces an image of what seems to be you leading the meeting. How would you explain that?

The explanation may be that a hacker used new video editing and AI technology to digitally mimic your likeness, and some think this new era of CEO fraud might already be under way.

What Type of Phishing Attack Targets Particular Individuals?

CEO fraud phishing is a spear phishing technique where scammers impersonate C-suite level employees to gain access to a company’s network and/or sensitive information. Typically, the scammer will attempt to trick an employee into changing bill pay information, which transfers money into the scammer’s bank account.

Alternatively, they may opt to install malicious software, known as ransomware, on an employee’s device, locking their important files until they agree to pay a ransom in exchange.

What is CEO Fraud Phishing?

In CEO fraud phishing, the scammer doesn’t just target an employee by impersonating company leaders. Often, the scammer lies dormant in the company’s network and monitors their communications to cherry pick the victim they want to target.

Gone are the days of traditional phishing, where scammers would have to cast a wide net to see what bites. Within the past decade, technological advancements have propelled phishing techniques to new, very dangerous heights, because scammers can now impersonate highly influential people through CEO fraud.

Currently, the majority of CEO fraud phishing is executed by sending an email to a targeted employee requesting to change financial account information. The email will appear to be sent from an authority figure within the company, like a CEO, but upon further review, misspellings, a fake email address and other red flags should help the employee determine the email is fraudulent.

Unfortunately, CEO fraud prevention is a moving target, and scammers are quickly becoming more advanced in their techniques. As employees learn the signs of CEO fraud through phishing awareness training, scammers are already planning new ways to take advantage of them.

With CEO fraud, scammers use social engineering—collecting information found online through websites like LinkedIn—to determine a company’s employee network. They also use learned behaviors and human tendencies to prey on victims. For example, they know employees try to follow the requests of their superiors and seldom question assignments. Scammers use this to their advantage.

This can (and has) resulted in major financial losses for businesses across every industry. This is why CEO fraud phishing is such a threat. Some companies are unable to recover from the financial losses and risk closing their businesses.

In 2021, CEO fraud led to $2.4 billion in losses to U.S. businesses, which accounts for one-third of the year’s total cybercrime costs.


What’s most concerning though is not how much CEO fraud phishing has already cost U.S. businesses, but rather the potential CEO fraud has to create monumental damage in the future. Recent claims suggest that scammers may already be attempting to utilize a type of synthetic media, known as deepfakes, to commit CEO fraud.

CEO Fraud Phishing and Deepfakes

Deepfakes use AI to impersonate the likeness of a person in a video or other form of digital media. Scammers using deepfake videos digitally alter a person’s face and/or body to appear to be someone influential within the company, which can then be used maliciously or to spread false information. A notable example occurred in the summer of 2022 when the CCO of Binance, the world’s largest crypto exchange, claimed scammers used a deepfake of him to trick contacts into taking meetings.

To date, there have been no definitively confirmed cases of scammers using deepfake technology during live video calls. However, audio deepfakes have been used to impersonate people over the phone, and video deepfakes have been shared on social media to boost support of crypto scams. A deepfake video of Elon Musk promoting crypto scams went viral in the spring of 2022.

Regardless of whether live deepfakes could eventually create real-world damage, it’s important we stay on top of this threat and up to date on the latest CEO fraud phishing methods to better protect ourselves and our businesses. Protection requires us to know what to look out for, now and in the future, so employee phishing attack training should be considered an integral part of CEO fraud protection.

Protect Your Business Against CEO Fraud: Phishing Awareness Training & Technology Solutions

Humans will always make mistakes, but fortunately, technology solutions can help mitigate those risks by reducing the number of phishing scams an employee receives.

Adding a next-generation anti-phishing solution with strong endpoint detection and response (EDR) can significantly reduce the chances of attempted phishing scams making their way to your employees, thus reducing the chance for mistakes.

As great as it is to have automated technology solutions as your first line of defense, they should never be your only method of phishing prevention. Even the most robust technology solutions cannot 100% eliminate the chances of receiving a phishing email or being the victim or target of CEO fraud.

Therefore, phishing awareness training for employees should be seen as a vital part of your phishing prevention plan. If every employee receives proper phishing attack training and phishing education, they will know how to spot scams, like CEO fraud, and be far less likely to fall for them.

Start by designing a rigorous user education program that not only helps your team members identify fraudulent emails, but also provides specific guidance for how to handle suspected phishing. You should also test users with simulated phishing attempts.

It’s also recommended that companies regularly spread awareness by sending recurring reminders to employees about the dangers of phishing and how to stay vigilant. For busy employees with different priorities competing for their attention, an educational program that keeps phishing prevention top of mind can yield the best results—especially when we know there are concerning CEO fraud threats on the horizon.

Working with an IT Partner to Prevent CEO Fraud Phishing

As phishing scams continue to advance, you may find that providing in-house phishing prevention solutions is no longer feasible. Tell-tale signs of phishing are changing, there are too many anti-phishing solutions to choose from and you’re overwhelmed trying to monitor all possible phishing activity in real time. On top of that, technology is constantly evolving, and tools are always changing.

If this sounds familiar, it might be time to partner with an IT provider who can assess your current infrastructure, determine security needs and implement the proper technology solution.

Learn More About CEO Fraud Phishing and How to Protect What Matters Most.

Warren Averett Technology Group offers a comprehensive CEO fraud prevention solution that can be deployed on all computers throughout your network. Our solution uses artificial intelligence to detect and remove known and unknown attacks to help prevent phishing emails from ever reaching your inbox.

If you’re looking to protect your business against CEO fraud, connect with a Warren Averett Technology Group expert to learn more.


