CEO Fraud & Anti-Spoof Detection

CEO Fraud & Anti-Spoof Detection

Spambrella has the detection and protection required for organisations to protect themselves from the ever increasing threat of CEO fraud using anti-spoofing features. Spambrella will quarantine emails suspected of being an imposter threat and will allow your administrators to release those suspect emails. Alerts are sent to admins as per your preference in order to manage this process effectively.

How does a CEO Fraud scam work?

CEO fraud will typically start with an email being sent from a fraudster to a member of staff in a company’s finance department. The member of staff will be told by the fraudster who is purporting to be a company director or CEO that they need to quickly transfer money to a certain bank account for a specific reason. The member of staff will do as their boss has instructed, only to find that they have sent money to a fraudster’s bank account. The fraudster will normally redistribute this money into other mule accounts and then close down the bank account to make it untraceable.

Out of the £32 million reported to be lost by businesses to CEO fraud only £1 million has been able to be recovered by the victims (UK Statistics). This is due to businesses taking too long to discover that they have been the victim of fraud and the lost money already being moved by fraudsters into mule accounts.

Most businesses reported initially being contacted via emails with and suffixes although this has of course broadened to include domains similar to those used by the organization for targeted attacks.

CEO fraud, also known as Business Email Compromise (BEC) or email spoofing, continues to be a prevalent cyber threat targeting organizations worldwide. Here are some recent examples of CEO fraud incidents:

Phony Invoice Scam: In a recent case, cybercriminals impersonated the CEO of a large corporation and instructed the finance department to wire funds to a fraudulent account under the guise of paying a vendor invoice. The attackers used spoofed email addresses and deceptive tactics to trick employees into transferring significant amounts of money, resulting in financial losses for the organization.

Payroll Diversion Scheme: In another instance of CEO fraud, threat actors gained unauthorized access to an organization’s email system and impersonated the CEO to request changes to employee payroll information. The attackers instructed the HR department to redirect employee salary payments to fraudulent bank accounts controlled by the cybercriminals, resulting in financial losses and payroll discrepancies for the organization.

Real Estate Transaction Fraud: CEO fraud has also been observed in the real estate industry, where cybercriminals target homebuyers, sellers, and real estate agents in fraudulent transactions. In some cases, attackers compromise email accounts associated with real estate transactions and impersonate parties involved in the deal to redirect closing funds to fraudulent accounts, leading to financial losses and legal disputes.

Supplier Payment Fraud: Cybercriminals have been known to exploit CEO impersonation tactics to defraud organizations in supplier payment scams. In such schemes, attackers impersonate executives or vendors and request changes to payment instructions, diverting funds intended for legitimate suppliers to fraudulent bank accounts controlled by the fraudsters.

Gift Card Scams: In recent years, CEO fraud has evolved to include gift card scams targeting employees of organizations. Cybercriminals impersonate company executives or managers via email and request employees to purchase gift cards for business purposes, such as client gifts or employee rewards. The attackers then use the gift card codes to make unauthorized purchases or monetize the cards on illicit online marketplaces.

These are just a few examples of CEO fraud incidents, and the tactics employed by cybercriminals are continually evolving. Organizations must remain vigilant and implement robust email security measures, employee training programs, and authentication mechanisms to detect and prevent CEO fraud and other forms of email-based cyber threats.

What is Email Spoofing?

Email spoofing is the creation of email messages with a forged sender address for the purpose of fooling the recipient into providing money or sensitive information. For example, a sender sends a message to your organization email address stating that you have X days to log into your account to take advantage of new stock investments. The message uses your company’s letterhead, looks as legitimate as the 401k notices you’ve received before, and has a login link.

What is it costing companies?

In August 2023, the FBI issued a public notice indicating that Business Email Compromise (BEC) is estimated to have cost companies over $2.2 billion between October 2021 and August 2023. Spoofing is one of many forms of BEC.

How do you stop these Spoof attacks?

When using Spambrella, these messages can be quarantined for further review and released if appropriate. Spambrella users can also create exceptions in order to allow the delivery of emails from approved senders, such as externally delivered marketing communication.

Here are some methods Spambrella uses to identify and mitigate CEO fraud incidents:

Email Authentication Protocols: Spambrella email security services leverage authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to verify the authenticity of email senders. These protocols help detect email spoofing attempts by verifying that the sender’s domain is legitimate and authorized to send emails on behalf of the organization.

Anomaly Detection: Spambrellas uses machine learning algorithms and behavioral analysis to identify anomalies in email communication patterns. These anomalies may include unusual sender behavior, such as sudden changes in email volume, irregular login locations, or atypical communication patterns, which could indicate a CEO fraud attempt.

Domain Reputation and Analysis: Spambrella analyzes the reputation of sender domains and IP addresses to assess their trustworthiness. Suspicious domains or IPs associated with known phishing or spoofing activities are flagged and subjected to additional scrutiny to detect potential CEO fraud attempts.

Content Analysis: We analyze the content of incoming emails to detect signs of CEO fraud, such as requests for urgent wire transfers, changes to payment instructions, or unusual financial transactions. Natural Language Processing (NLP) algorithms and keyword-based detection techniques are used to identify suspicious content indicative of fraudulent activity.

URL and Link Scanning: Spambrella services scan URLs and hyperlinks included in email messages to identify phishing websites or malicious destinations. Suspicious links leading to fraudulent websites or spoofed login pages are flagged and blocked to prevent users from falling victim to CEO fraud scams.

Domain Spoofing Detection: Organizations should employ advanced techniques to detect domain spoofing attempts, where cybercriminals use deceptive tactics to impersonate legitimate sender domains. These techniques may include analyzing email headers, inspecting message routing paths, and comparing sender information against known sender profiles to identify anomalies indicative of domain spoofing.

User Awareness and Training: Spambrella email security services complement technical controls with user awareness and training programs to educate employees about the risks of CEO fraud and other email-based scams. Training sessions, simulated phishing exercises, and awareness campaigns help employees recognize the signs of CEO fraud and take appropriate action to report suspicious emails to security teams.

By combining these detection techniques with robust email security policies, authentication mechanisms, and user awareness programs, email security services can effectively detect and mitigate CEO fraud attempts, protecting organizations from financial losses and reputational damage associated with email-based scams. Contact Spambrella today to discuss our services and how our team can help manage the entire process from setup to ongoing management and training.

Further reading:

Business Email Attack Losses Now Top $12 Billion – FBI

Business Email Compromise Threats

Contact Sales




Related Case Studies

Used the software for: 2+ years - 5/5 Overall
With an ever overloaded department, and with cybersecurity skills shortage getting worse securing the I.T infrastructure.

Offloading the task of e-mail filtering to Spambrella has dramatically helped in the department's performance. The only drawback in our case is that the service is hosted outside of our territory and thus out of the legal jurisdiction.

John P., Review via Gartner Capterra

The service is great at filtering bad email as well as junk email out while allowing clean email though. I have used a few other options over the years and this is the best I have found. Clients sometimes have trouble configuring their settings to how they want it to be. Or tag emails as approved when they shouldn't and need IT interaction to resolve. Maybe just ease of use or having a more clear way for clients to resolve basics on their own.

Brian M., Review via Gartner Capterra

Robust, versatile, and reliable...
The reliability of the service and the level of protection that it provides. My spam levels immediately dropped to near zero.

There are almost no false positives. And I'm easily able to customize the level of protection with whitelists, blacklists, and sensitivity settings. I'm also a big fan of the antivirus and URL scanning features.

Verified Reviewer, Review via Gartner Capterra

I found spambrella to be easy to set up and has dramatically reduced the number of spam emails hitting our inboxes. It was easy to 'train' the software to release any genuine emails that were caught or add any spam that was not picked up.

Within a couple of weeks of use virtually no spam arrived to our mailboxes. Spam and phishing emails are a growing problem for everyone I'm sure. I now get a very low incidence of spam.

David F., Review via Gartner Capterra

Easy to onboard my customers from another spam filtering system. Very fast and haven't had any downtime in the 9 months since I have moved to Spambrella. When I have had to use support, responses where quick. I had to move all my customers from another filtering system with little notice. After I moved my customers I realised how bad the old solution I used was. Contact with Sales and Support always been professional

Allen B., Review via Gartner Capterra

It doesn't require an arcane knowledge to set the Spam filtering up, the guides are straight to the point and support staff are very helpful. Functionality wise, in short: we do not get spammed. Thanks to Spambrella.

Archiving wise, the new solution is easy to use, searches well and fast and is by far the cheapest we could find at the time. Ten year retention rocks!

Verified Reviewer, Review via Gartner Capterra

Latest blog posts

  • On June 14, 2024
Microsoft 365 Email Continuity Service – Is it Needed?

An email continuity service, whilst not strictly required for Microsoft 365, can be highly beneficial for ensuring business continuity. When considering MX (Mail Exchange) backup…

Read more
  • On June 13, 2024
HIPAA Email Security: A Guide for Healthcare Organizations

Sharing sensitive patient information via email goes hand in hand with hidden exposure risks that HIPAA regulations aim to ward off. Traditional email security standards…

Read more
  • On June 12, 2024
Business email archiving: Compliance and accessibility

An email network acts as the central nervous system by spreading critical information throughout the organization. If this network is disrupted, you may be unable…

Read more
  • On May 31, 2024
Why Microsoft 365 is Insufficient for Email Security

This article investigates why Microsoft 365 is insufficient for email security in today’s digital landscape. Email security is a critical concern for businesses of all…

Read more