You are working and you receive an email with the subject “Urgent: payment”. And who comes in the sender? The name of the CEO of your company. “Can you arrange this payment? It is urgent” is usually the text of the message. Although it may seem like a regular correspondence between some departments of the company, specifically the financial one, agreeing to this request could mean being a victim of fraud with financial consequences.
The situation described is known as “CEO fraud.” This is one of the most sophisticated social engineering (attempt to manipulate people) attacks in progress, which is also gaining momentum in Portugal. It consists of a technique of identity fraud where the attackers try to impersonate an executive with a high position in a company (CEO, directors, etc.)”, explains Alberto R. Rodas, pre-sales engineer for Spain and Portugal at the security company Sophos, in written statements to the Observer. “Using social engineering techniques like authority and urgency, the goal is to get an employee, usually from the finance department, to make an urgent ‘secret’ bank transfer of a considerable sum of money”.
The formula is always the same: the worker receives an email that apparently comes from a senior executive of the company (CEO, CFO, etc.) and the text is simple and with an urgent tone. In more extreme cases, it can even be accompanied by phrases like “The company depends on it” either “The fate of the company is in your hands” – although these two examples may already raise some suspicions.
Alberto R. Rodas points out that, in a good number of cases, the “attacks try to make the victim become an accomplice”, by sending emails not from the direct boss, but from someone with a higher position, asking for “discretion and urgency for various reasons.
This article is exclusive to our subscribers: subscribe now and benefit from unlimited reading and other benefits. If you are already a subscriber, log in here. If you think this message is an error, please contact our customer service.