In December 2015, money transfer company Xoom was expecting to take a one-time charge of $30.8 million. So when the CFO and finance staff received an email request with instructions to make the transfer, they promptly wired the money. Unfortunately, this request was part of an employee impersonation attack, and all of the funds were transferred to a fraudulent account. As a result of this attack, Xoom's shares plummeted by 17% and its CFO resigned immediately.
CFOs and finance staff are among the most targeted employees in a company when it comes to email fraud. Hackers choose finance employees because of their access to company finances and other sensitive information. Most CFO attacks begin with a targeted phishing attack, in which attackers impersonate other executives within the organization to request wire transfers.
This type of scam is also known as Business Email Compromise, and it has cost businesses over $12 billion, according to the FBI. According to Barracuda's own research, around a third of all business email compromise attacks we detected specifically targeted the CFO, the finance department, or HR.
- Employee impersonation: Hackers use impersonation and spoofing techniques to take on the identity of another employee or executive requesting a wire transfer. These attacks usually appear to come from a superior and carry a sense of urgency to put pressure on the recipient.
- Impersonation of vendors and partners: This scam takes advantage of the financial relationships your organization already has. Attackers impersonate your business partners and request payment to a different account.
- Account takeover: Attackers use compromised accounts to target your CFOs with fraudulent email requests. Access to these compromised accounts gives them the added advantage of learning about business transactions. At the right time, they send a request for wire transfers to fraudulent accounts.
There are a number of ways you can protect your finance department and your business. These range from deploying multi-layered email protection to providing full security training to your most vulnerable employees.
Watch our free on-demand webinar for a discussion on technology, security training, and tactics available to you to keep your business safe from CFO fraud.
Olesia Klevchuk is Principal Product Marketing Manager for email security at Barracuda Networks. In her role, she focuses on defining how organizations can protect themselves against advanced email threats, spear phishing and account takeover. Prior to Barracuda, Olesia worked in email security, brand protection, and IT research.