“Business Email Compromise” (also widely known as “CEO Fraud”) has become an increasingly popular scam wreaking havoc on the corporate world which has resulted in the loss of more than a billion dollars in less than two years.

But, what is business email compromise?

It starts with a simple, seemingly harmless email that is intentionally delivered to the executives of a company. The email often contains a link that the hackers anticipate will be clicked on by one of the executives. This initial scam is called “phishing” and is often undetectable, until it’s too late.

Once the executive’s account has been accessed, the hacker will primarily use one of the following two ways to begin siphoning corporate funds:

a) The hacker will read the incoming and outgoing emails from the account, analyze which departments, businesses, or partners deal directly with funding, and then proceed to mock up a forged message asking that funding be relayed to a new account via wire transfer — one operated by the hacker. Often times, departments won’t question an executive’s orders, so the funding or checks being cut will directed to the fraudulent account without question.

But, there’s also a second way that the hacker could use the accessed account…

b) The hacker scans over the contact list, as well as the incoming/outgoing email messages, once again evaluating which email addresses are the most useful to their devious cause. Once they’ve obtained a proper list, they create an almost identical email account from a new location to eliminate any audit trail. The new email address would be mocked up to match the executive’s account in all aspects, posing as the individual, including both an identical digital signature and lettering. The only difference may be that, for example, a zero replaces an “o” within the address line — John@Corporation.com vs. John@C0rporation.com.

As you can see, the addresses look all but identical. And to many subordinates in the workplace, the specific request from a CEO or CFO may not be questioned or thoroughly examined.

From the falsified account, the request would be made that funding be transferred to new accounts.


This “Business Email Compromise” technique has affected businesses in all 50 states in the US, and 79 other countries around the world. More than 7,000 companies here in the United States alone have been targeted, according to Brian Krebs (of Krebs On Security), totaling a worldwide sum of $1.2 billion in losses. Recently, a tech firm called Ubiquiti revealed that they had lost over $46 million due to CEO Fraud and so far have only been able to recover $8 million of that loss.

Make sure to always have your employees, banking institutions, financial departments, and business partners verify the authenticity of an email message requesting vital information or financial alterations. And remember to never click on links within emails unless you are absolutely one hundred percent sure that the email address (or message) has not been compromised or fabricated.

Take the necessary precautions to ensure that your business operates in a secure environment, otherwise your company may be making headline news for all of the wrong reasons.


Samuel Lang

Content Manager – NeoCertified

Untitled Document