Business email compromise, also known as “whaling” or “CEO fraud”, is one of the biggest threats facing businesses today.
The perpetrators behind the attacks don’t need to write sophisticated malware, or breach your computer security systems. All they need to do is send an email to a member of your staff, posing as a senior executive and asking for a sizeable amount of money to be transferred to a bank account under their control.
How big an amount of money?
Well, Ryanair lost $5 million after being targeted by scammers in this way. One of the world’s leading wire and cable manufacturers, Leoni AG, was swindled out of a staggering $44 million through this technique, and aerospace parts manufacturer FACC was defrauded to the tune of $55 million.
And sometimes it’s not money. As the likes of Seagate, Snapchat and others have discovered in the past, sometimes the fraudsters are after customer databases or HR records that they can exploit for financial ends.
So I’m delighted to see Barclays Bank releasing videos warning users of the risks of business email compromise.
This problem is primarily a human one. We cannot hope to fight it unless we raise awareness, and train staff to follow proper procedures when asked to move money or email sensitive documents.
As I explain in my own YouTube video, it should be ok to say “no” to the CEO.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.