
Can you just transfer money

MijnHostingPartner


In recent months we have been hearing from many of our Dutch and Belgian clients that they are dealing with a new form of scam: CEO fraud. This form is very similar to phishing, but the execution is much more sophisticated. How exactly does this fraud work and what can you do about it?

How does CEO fraud work?

The major difference between CEO fraud and other forms of fraud is the attention that criminals pay to the companies they want to scam. Fraudsters sometimes spend months preparing and gathering information about a target. The fraud often starts with a fake email sent in the name of a director or manager of the organization in question. In this email, a manager or an administrative employee is asked to transfer a large sum of money. Obviously, this amount must then be transferred to an account abroad. If the employee does not trust it, a telephone call is often made to the fraudsters. For this purpose the criminals have created a non-existent third party. This could be a law firm, for example. These phone calls seem so reliable that the employee, completely in good faith, transfers the requested amount. The damage can run into the hundreds of thousands and is not reimbursed by the insurance company.

CEO fraud: A global problem

Across the globe, CEO fraud is on the rise. The total damages that companies have suffered so far are probably already in the billions. Several Dutch companies were also victims of CEO fraud and, according to the National Cyber Security Center, dozens of companies have been actively approached in recent months. The victims are often large multinationals, but medium-sized and small companies can also fall victim.

Why do companies fall for it?

Recently, SIDN was also the target of CEO fraud. Fortunately, the employee who received the e-mail was paying close attention and the e-mail message on behalf of the CEO, Roelof Meijer, was not very well drafted. Often, however, this is different. CEO fraudsters try to psychologically influence their victims by including real details in their story. For example, they refer to the CEO's appearance or his way of communicating. This sophisticated form makes an unusual payment appear reliable. In addition, the employees involved often work at a great distance from the CEO and are not likely to call him directly. And who doesn't want to get on the good side of the boss?

Watch out for spoofing

The so-called emails from the CEO are so believable that it is very difficult for the employee concerned to see that they are fake. Some CEO fraudsters are even able to 'spoof' the email address. The fake email then appears to come from the CEO's real email address. Fortunately, there are now techniques available that counteract this: DKIM, SPF and DMARC. These are usually deployed together to check that the sender of a message is who it claims to be and that the content has not been changed along the way. MijnHostingPartner.nl can help you with this. By default, we have already applied SMTP verification to our mail. And you can create a DKIM certificate for your email domain in a few steps.

Always pay attention

Fraudsters usually use forged email addresses. As with phishing, these are hard to distinguish from real ones. To make them credible, they are sent from a domain name that closely resembles that of the company but with a small addition, such as @nl-companyname.com or @m-companyname.nl. In other cases, they use numbers and letters that look similar, such as a 0 instead of an o, or a 1 instead of an l. The most important thing you can do is pay close attention to this. Look carefully at the sender of an email if you do not trust it. Is the email address correct? Is the name written correctly? If you don't trust it, contact the person in question personally.
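
The patterns described above (a small addition such as nl- or m-, and a 0 or 1 standing in for an o or l) can also be checked mechanically, for example in a mail filter. The Python below is an added example, not code from MijnHostingPartner or SIDN; the function names are hypothetical, companyname.nl is a constructed trusted domain, and a single-label extension such as .nl or .com is assumed.

```python
from email.utils import parseaddr

# Digit-for-letter swaps named in the article (0 for o, 1 for l).
CONFUSABLES = str.maketrans({"0": "o", "1": "l"})


def name_label(domain):
    """Label left of the extension, with digits folded: 'mail.c0mpany.nl' -> 'company'.
    Assumption: single-label extension such as .nl or .com."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2 if len(labels) > 1 else 0].translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, trusted_domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for a From header value."""
    address = parseaddr(from_header)[1]
    _, at, domain = address.rpartition("@")
    domain, trusted = domain.lower().rstrip("."), trusted_domain.lower()
    if not at or not domain:
        return "unrelated"                 # no usable address in the header
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    seen, real = name_label(domain), name_label(trusted)
    if seen == real:                       # digit swap, or same name, other extension
        return "lookalike"
    if real in seen.split("-"):            # small addition: nl-name, m-name
        return "lookalike"
    if edit_distance(seen, real) <= 1:     # one character added, dropped or changed
        return "lookalike"
    return "unrelated"
```

A 'trusted' result only means the domain text matches; a message that spoofs the real domain itself is what the SPF, DKIM and DMARC checks are for.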

Less risk with DBS

Companies that want to reduce the risk of becoming victims of CEO fraud can use SIDN's Domain Name Monitoring Service (DBS). This monitoring tool warns of domain name registrations that strongly resemble a company or brand name. Suspicious registrations within the .nl domain are reported as standard, but DBS also works with all other major internet extensions. Users can take timely action following such a report. This reduces the chance of employees receiving false emails with requests to transfer money.