// THREAT DETECTION AND DATA PRIVACY TERM

CEO Fraud

CEO fraud is a scam where an attacker impersonates a high-level executive to trick an employee into making an unauthorized wire transfer or sending sensitive company information. The attacker often creates a sense of urgency to bypass normal security procedures.

CEO Fraud — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

CEO fraud is a social engineering attack, a specific form of Business Email Compromise (BEC) and whaling, where an adversary impersonates a C-level executive (CEO, CFO) to manipulate an employee into executing unauthorized wire transfers or divulging confidential corporate data. The attack vector is typically a spoofed or compromised email account, leveraging authority and urgency to bypass financial controls.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • Business Email Compromise
  • BEC
  • whaling
  • executive impersonation
  • CFO fraud
  • wire transfer fraud
  • masquerading

USAGE NOTE

This term is frequently used in security awareness training to highlight the importance of verifying unusual or urgent financial requests, even if they appear to come from top leadership.

DEVELOPERS

Organizations developing technology related to CEO Fraud.

  • Abnormal Security

    Develops a cloud-native email security platform that uses behavioral AI and data science to stop socially-engineered attacks, including CEO fraud and other Business Email Compromise (BEC) schemes, that bypass traditional secure email gateways.

  • Mimecast

    Provides a suite of cloud-based email security services, including targeted threat protection specifically designed to defend against impersonation attacks, such as CEO fraud, by scanning inbound emails for signs of malicious intent and spoofing.

  • Proofpoint

    Offers advanced email security and threat protection solutions that use machine learning to detect and block BEC and CEO fraud attempts. Their technology analyzes various threat vectors, including domain spoofing, look-alike domains, and suspicious language.

  • Tessian

    A human layer security company that uses machine learning to understand human communication patterns and behaviors. Their platform helps prevent email-based threats like CEO fraud by detecting anomalies and warning users before they fall victim to an attack.

  • Agari (Fortra)

    Specializes in identity-based email security, pioneering the use of DMARC authentication to prevent domain spoofing, a key technique in CEO fraud. Their platform analyzes email identity to protect against advanced email attacks.

  • IRONSCALES

    Offers a self-learning email security platform that combines AI and human intelligence to detect and remediate advanced phishing threats, including CEO fraud. It uses behavioral analysis and user-reported feedback to identify and remove malicious emails.

  • Vade

    An AI-based email security company that provides threat detection and response for internet service providers and enterprises. Its technology uses machine learning algorithms to detect and block sophisticated spear-phishing attacks like CEO fraud in real-time.

  • Cofense

    Provides phishing detection and response solutions that leverage a global network of human reporters. While focused on user training and awareness, their technology also helps to identify and quarantine sophisticated phishing emails, including CEO fraud attempts, that bypass other security layers.

RELATED TERMS IN THREATS & ATTACKS