We obviously know that phishing is a threat, but even we were surprised to read that over 50% of respondents to a Lloyds Bank survey said they received phishing emails from scammers posing as their boss. This particular kind of phishing attack, known as “CEO Fraud”, can pay off when scammers convince junior employees to pay a fake invoice, or forward other valuable information to whom they believe is a top executive.
CEO fraud is sophisticated from both technological and social angles. Receiving an email from a trusted, high-ranking contact doesn’t raise concerns, as these kinds of messages “feel normal.” Attackers rely on this misplaced trust and a worker’s desire to please the boss. Criminals can use social media or even out-of-office messages to understand the business structure of an organization. They can then craft fake emails and attempt to reach several people within an organization, hoping at least one of them falls for it.