Executive Email Compromise

Cybercriminals are always on the hunt for new ways to defraud organizations. Executive Email Compromise is an attack vector that uses the email accounts of senior management to deceive Accounts Payable staff into processing illegitimate funds transfers.

In this blog, we explore Executive Email Compromise and what you can do to protect your organization.

What is Executive Email Compromise?

Executive Email Compromise, or EEC, sees cybercriminals impersonate an organization’s senior management. They do this to deceive staff into thinking they have received instructions from superiors, typically their CEO or CFO.

In most cases, EEC is a tactic used to defraud an organization by tricking Accounts Payable (AP) staff into sending funds to a bank account controlled by the scammers.

Why is EEC Effective?

EEC is an effective attack vector because cybercriminals understand that most staff have a natural desire to please their bosses. Whenever staff receive instructions from senior management, they usually comply with those instructions as quickly as possible.

It is highly unlikely that an AP staff member would ignore an instruction from their CEO or CFO to process a payment – particularly if they are told the payment is urgent. The staff member would naturally be concerned that any delay in processing the payment could result in a range of difficulties for their organization, in turn causing problems for the executive who issued the payment instruction.

Cybercriminals routinely take advantage of the human desire to be efficient and helpful. While dealing promptly with matters in the workplace is certainly an admirable attribute, it’s important that this does not come at the expense of payment security.

How Do Cybercriminals Carry Out an EEC Attack?

Typically, a cybercriminal will gain unauthorized access to an executive’s email account. They may have hacked into the corporate network or engaged in phishing to compromise the executive’s password.

With access to the executive’s email account, the cybercriminal sends fake emails to AP staff with urgent payment instructions. Invariably, the funds are then sent to a bank account controlled by the attacker, who either transfers the money to offshore accounts or converts it into cryptocurrency.

At this point, it is too late for the defrauded organization to recover the funds.

Why Is It So Hard to Stop EEC?

EEC is notoriously difficult to prevent because it typically involves the exploitation of a legitimate email account.

Because they are sent from an executive’s legitimate email account, the fake emails are able to bypass the usual tools that are in place to weed out malicious emails.

Even if AP staff closely scrutinize the email’s “From” and “Reply-to” fields, they are unlikely to identify the email as malicious. Furthermore, while AP staff may be trained to call a vendor each time they process an invoice, they are unlikely to have call-back controls in place every time they follow an instruction issued by their CEO or CFO.

In a sign of just how cunning cybercriminals have become, they often send their fake payment instruction at a time when they know the executive will be uncontactable, such as when they are about to board an international flight. This makes the AP officer even more likely to carry out the payment instruction without verifying its authenticity.

Not all work-related communications occur via email.

Increasingly, staff use a range of channels to communicate and collaborate. Everything from video conferencing tools, such as Zoom, to team-collaboration applications, such as Slack and Discord, has become ubiquitous since hybrid work became commonplace during the pandemic.

All these channels can also be exploited by cybercriminals who are impersonating your organization’s senior management.

Once a cybercriminal gains access to an executive’s computer systems, they can use these tools to send messages to AP staff with instructions to transfer funds to a bank account they control.

While AP staff may be on the lookout for suspicious emails, they should also be trained to act with caution when using any type of communications channel. Staff may be particularly vulnerable when using such tools because they often access them on mobile devices, when their guard is down.

Cybercriminals have even been known to generate Deep Fake messages of executives as a way of deceiving AP staff. A Deep Fake is a fake video or audio message of a person that looks absolutely authentic. It uses Artificial Intelligence to impersonate a trusted individual. Deep Fakes can be almost impossible to identify.

How can Eftsure help?

It’s not easy to stop sophisticated cybercriminals. They are continuously hunting for any new opportunity to deceive AP staff into processing illegitimate payments to bank accounts they control. While invoice manipulation remains the most common tactic, it is by no means the only tactic.

Cybercriminals are increasingly taking advantage of the desire of most AP staff to be efficient and helpful in the workplace. By impersonating executives and using their legitimate email accounts to issue fake payment instructions, cybercriminals have identified a new way to carry out online fraud.

Expecting busy AP staff to identify every malicious attempt to deceive them is both unfair and ultimately doomed to fail. Instead, you need a tool in place that automatically identifies whether outgoing payments are being sent to the intended recipient.

With Eftsure sitting on top of your accounting processes, payments that are not being sent to an intended recipient can be flagged in real-time, allowing your AP team to pause and investigate further.
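
The kind of check described above can be illustrated with an added example (this is not Eftsure's code or product logic): each outgoing payment is compared against bank details that were verified independently of email, so an instruction sent from a genuine executive mailbox is screened the same way as any other. The vendor names, account numbers, field names and decision strings are all constructed for illustration.

```python
import csv
import io

# Constructed sample data: vendor bank details verified out of band
# (for example by call-back), keyed by normalized payee name.
VERIFIED_VENDORS = {
    "acme supplies pty ltd": ("062000", "12345678"),
    "northwind logistics": ("033001", "87654321"),
}

# Constructed payment batch as AP might export it before release.
BATCH_CSV = """payee,bank_code,account_number,amount,requested_by
Acme Supplies Pty Ltd,062-000,1234 5678,18400.00,ap.clerk
Northwind Logistics,033-001,55501234,96250.00,ceo
Harbour Consulting,082-001,40004000,47000.00,cfo
"""

def digits(value):
    """Keep digits only so '062-000' and '062000' compare equal."""
    return "".join(ch for ch in value if ch.isdigit())

def screen_batch(batch_csv, verified):
    """Return (payee, decision) for each payment line in the batch."""
    results = []
    for row in csv.DictReader(io.StringIO(batch_csv)):
        key = " ".join(row["payee"].lower().split())
        destination = (digits(row["bank_code"]), digits(row["account_number"]))
        # requested_by is deliberately ignored: a payment requested from a
        # real executive account gets exactly the same destination check.
        if key not in verified:
            decision = "HOLD: payee has no verified bank details"
        elif verified[key] != destination:
            decision = "HOLD: account differs from verified details"
        else:
            decision = "RELEASE"
        results.append((row["payee"], decision))
    return results

if __name__ == "__main__":
    for payee, decision in screen_batch(BATCH_CSV, VERIFIED_VENDORS):
        print(f"{payee}: {decision}")
```

Only the first payment is released; the two executive-requested payments are held because the destination account is either different from the verified record or unknown.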

Contact Eftsure for a demonstration of our platform and start protecting your organization from Executive Email Compromise today.

Author

Niek Dekker

Published

12 Jun 2025

Reading Time

5 minutes
