Tech Tuesday Extra – Urgent request from my boss

“Hi Greg, I got an email saying it was from my boss asking for a wire transfer. Can you look into it?”

TechTuesdays from Charland Technology

This is a new twist on and old “social engineering” hack that’s being called CEO Fraud.

Here’s how it works:

  • The bad guys use a disposable, free email account – often on gmail, yahoo, onmicrosoft, outlook.com, etc. OR they set up a domain that is close to yours but not exact. It’s also possible to exactly spoof the address, but add an extra “reply to” flag in the message.
  • They visit the website of your company and find the names of people who look like “the boss” and grab e-mail addresses of people in the finance department.
  • They change the “Display Name” of their email so it looks like it’s the boss’s address.
  • The accounting folks get a message from “the boss” asking to make a wire transfer – complete with details.
  • If the accounting people aren’t careful, they will follow “the boss’s” instructions and send money.

The FBI released an alert recently about this kind of activity.

What to do?

It’s important to remember that business wire transfers are a very big deal. Once the money is sent there generally isn’t a way to get it back.

Know your company’s e-mail addresses. Your boss doesn’t have an account at executiveofficedirect.com.

Have procedures in place for setting up wire transfers. Make sure your boss is aware of the importance of these rules and risk of financial loss.

Don’t be afraid to confirm any request. Your boss knows that companies have gone out of business over stuff like this. So, confirm by phone or in person when there are any questions.

Consider removing detailed contact info from your public website. These days the vast majority of e-mail contact from websites is SPAM, so we generally use Contact Us forms.

Watch for the typical SPAM/fraud factors in the messages.

This is also a good time to talk about cyberfraud insurance.

Here’s an actual exchange from one of our clients:

(Jim is the boss, Bob is the CFO) Fake JIm’s messages came through as Jim (executiveofficedirect@gmail.com) which Bob correctly identified as NOT his e-mail.

Fake Jim: Hi Bob, are you in the office?

Bob: Yes, what’s up?

Fake Jim: I need you to process a payment. How soon can you get a wire out?

Bob: Today, what do you need?

Fake Jim:
Bank: Washington Federal Bank
Bank address: 398 Sudderth Dr, Ruidoso NM 88345
Account number: XXXXXXX9774
Routing number: XXXXXX980
Account name: Dxxxx Kixxxxxx
Amount: $18,000.00
You can reply to let me know when its done. Thanks.

307 Mechem Drive Ruidoso, NM 88345
Consultancy fees.

Fake Jim: Has it been completed? Is there a problem?

Bob: Why are you using this address?

Fake Jim: Oh, it’s my other email, Bob. There is nothing to worry about. You can proceed with the wire. Let me know when completed. Thanks.

Have you seen this scam yet? Need help protecting your systems and training your staff? Contact us today!