CEO fraud

Generally speaking, the attacker starts looking for a target and gathering public information about them; this includes personal and company websites and social media.

Using this information, they prepare a tailormade attack, usually stealing the identity of:

• A senior executive at the company, requesting assistance with an urgent confidential transaction.
• A supplier or external partner, asking to update their bank details for payments, to fraudulently receive the next payment.

• Find out about your footprint: check the information that is publicly available about you and your business online. It is important that you advertise yourself and your business, but disclosing too much information provides attackers with the data they need to commit fraud, such as CEO fraud.
• Think before you click or reply before you act, ask yourself these simple questions, which will help you to identify phishing.
• Check the information: use an alternative channel to confirm any suspicious request. Never use details included in the communication that raises concern. In case of calls, don't be shy, hang up and call back using a trusted number.

The sooner you report it, the better. Inform your line manager, the authorities and your bank as soon as possible.