Avoid the CEO Fraud scam that's costing businesses billions | Huddle

According to the FBI, more than 20,000 businesses around the world have collectively lost more than $3bn in the last three years to a surprisingly low-tech email scam – CEO Fraud, or Business Email Compromise (BEC).

The scammers go to great lengths to spoof company email or use social engineering to assume the identity of the CEO (or other senior executive). In fact, it might take several months for the scammers to collect all of the information they need, researching employees who manage money, understanding company-specific language, and learning the CEO's travel schedule. Then, when everything's in place, they request a wire transfer with a single, well-crafted and plausible email – spoofed to appear as though it’s from the CEO.

Often, emails will be sent when the “true” CEO is unreachable – for example when they are travelling. 

“Our new supplier needs immediate payment by midday. I’m on a plane for the next 12 hours, so please process the payment immediately.”

It’s a low-tech scam – but a profitable one.

 

"What if a BEC scam targets your clients?"

 

Much is made of the need to protect corporate data, but more often than not the discussion is focused on the management and control of files, and not on the security (or authenticity) of enterprise communication. For many modern organizations, email is now just one of many communication tools in use. Skype, Slack, SMS, and even consumer-grade apps such as WhatsApp, have become prevalent.

And what of the risks if a BEC scam targets your clients?

“As part of your 2017 audit, please can you send a copy of your balance sheet?”

With your client relationships built on trust, one simple email could spell disaster.

 

"Huddle gives your communication context and integrity"

 

BEC scams prey on the weakest link in the security chain – employees themselves – and, because they often consist of only a single email, they’ll often bypass security systems.

So, what to do?

Communication security often comes down to context and process. Working in Huddle, your business communications benefit from three additional layers of security:

  • Context: Every document stored in Huddle has its own comment stream. This means your communications always have context and an original file for recipients to refer back to.

  • Identity: In a BEC scam, the email account has not been compromised but spoofed, so technologies like 2FA are ineffective. Outside of unauthorized account access, commenting within Huddle can’t be spoofed like email.

  • Audit History: Because all activity is tracked and time-stamped, it’s simple for your team to review historical comments, document access, the application you used to make your comment, and your historical involvement in a discussion.

 

"Not all technology is created equal"

 

Security is often heavily emphasized in databases and other tools for storing information, but it is equally important in messaging, collaboration and project management solutions, not all of which are equally protected. If your work involves collaboration with clients or external partners, the importance of this is even greater.

Trusted by governments, and proven in enterprise, Huddle is the most secure cloud collaboration solution available. If you’re an executive looking to secure how you work with teams, clients and partners, and want to avoid the risk of a BEC scam, try Huddle for free, or learn more about how Huddle benefits busy executive teams.

Tim Deluca-Smith

Vice President, Marketing
