Intrusion Prevention to enforce Identity Verification (CEO FRAUD)
CEO Scams and Social Engineering: Social engineering is the use of human behavior to accomplish a goal. In the case of email scammers, there is an element of surprise that comes with being attacked over email. The people who set up these email scams never planned on an email client having geolocation visibility. Some scammers will block their IP address in an attempt to avoid IP address checking altogether. But if the CEO's email usually comes from California and the suspect email has a blocked IP address, the email user still knows a scam is at hand.
High-Value Shield Protection
eMailGPS Outlook Identified Add-in
eMailGPS Identified enforces email user geolocation verification before sending high-level emails, to fight against executive scams. A great solution for small-to-medium business (SMB) protection.
Provide security compliance by enforcing email user geolocation verification before responding to email addresses belonging to high-value targets like CxO staff, purchasing, procurement, etc.
Intrusion Protection in Action Preventing a CEO Scam
CEO Normal Operations
When the CEO sends you emails… they come from your company’s email server…
CEO Compromised Operations
When someone spoofs (fakes) your email address… they come from somewhere else…
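The normal-versus-spoofed comparison above, as an added example (not eMailGPS code and not from the original page): instead of geolocation, it compares the connecting IP recorded by the organization's own mail gateway with the networks a high-value sender normally uses, and holds the message when the origin is hidden. The gateway name `mx.example.com`, the sender address, the address ranges and the sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (hypothetical names, documentation address ranges).
TRUSTED_GATEWAY = "mx.example.com"   # our own border mail server
EXPECTED_ORIGINS = {"ceo@example.com": [ipaddress.ip_network("192.0.2.0/24")]}  # usual source networks
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def gateway_peer_ip(msg):
    """IP our gateway recorded for the connecting server, or None if hidden."""
    for received in msg.get_all("Received", []):      # newest hop is listed first
        frm, _, by = " ".join(received.split()).partition(" by ")
        if by.split(" ")[0] == TRUSTED_GATEWAY:
            # Only this header is trusted; anything below it is sender-supplied.
            m = PEER_IP.search(frm)
            try:
                return ipaddress.ip_address(m.group(1)) if m else None
            except ValueError:
                return None
    return None

def verify_sender(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    expected = EXPECTED_ORIGINS.get(sender)
    if expected is None:
        return "not-high-value"
    ip = gateway_peer_ip(msg)
    if ip is None:
        return "hold: origin hidden"       # a blocked IP is itself a warning sign
    if any(ip in net for net in expected):
        return "ok"
    return "hold: unexpected origin"

def sample(*received):                     # builds constructed test messages
    hops = "".join(f"Received: {r}\n" for r in received)
    return hops + 'From: "The CEO" <ceo@example.com>\nSubject: Urgent wire\n\nPlease pay.\n'

NORMAL = sample("from mail.example.com ([192.0.2.25]) by mx.example.com with ESMTPS; Tue, 5 Jan 2016 09:00:00 +0000")
SPOOFED = sample(
    "from relay.invalid ([203.0.113.77]) by mx.example.com with ESMTP; Tue, 5 Jan 2016 09:05:00 +0000",
    "from mail.example.com ([192.0.2.25]) by mx.example.com with ESMTPS; Tue, 5 Jan 2016 09:04:00 +0000",  # forged hop
)
HIDDEN = sample("from relay.invalid by mx.example.com with ESMTP; Tue, 5 Jan 2016 09:10:00 +0000")

if __name__ == "__main__":
    print([verify_sender(m) for m in (NORMAL, SPOOFED, HIDDEN)])
```

The forged lower `Received` line in `SPOOFED` is ignored because the gateway always prepends its own header, so only the topmost header written by the gateway is read.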
CEO Scam at FACC
CSO reports on May 26, 2016: FACC’s board on Wednesday fired Walter Stephan, CEO of the Boeing and Airbus supplier, due to errors made in connection with what it called a “president fraud incident” that the firm discovered in January. Fraudsters collected €52.8m ($47M USD). FACC said that its share price had fallen 38% since the incident.
The result of a January 2016 Spoofing Loss…
The fraud also left FACC with an operating loss of €23.4 million, compared with a €18.6 operating profit had the incident not occurred.
Before being stood down, Stephan told investors at the firm’s full year results on Wednesday: “The fraud did not take place via our Internet or IT system but by means of a simulated email correspondence under my name, which does not require any hacking.”
FACC Press Release
EANS-Adhoc: FACC AG / Chief Financial Officer Mandate Terminated. Reorganisation of Financial Department
Board of Directors (Appointments and Changes)
03/02/2016 Adhoc FACC AG announces that the mandate of Ms. Minfen Gu as chief financial officer of FACC AG terminates with immediate effect. The Supervisory Board initiated the search for a successor. To the current state of the forensic and criminal investigations, the criminal activities which targeted the financial accounting department were fraudulent actions involving the use of a fake identity (so-called fake president fraud). FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. No evidence of malware has been identified. The management board is fundamentally reorganizing the financial department and pursuing damages and insurance claims. To assist the management board in the reorganization of the finance department, the supervisory board appointed its member, Mr. Yongsheng Wang, on an interim basis to the management board.
The results could have been quite different…
Had the CEO only had eMailGPS, he would have seen that the IP address was in China when he expected Redmond, WA. He could have notified the Email Security and Support Teams, and he would have mitigated the €52.8m ($47M USD) loss and the 38% stock drop; the company would have reported a €18.6 ($21M USD) operating profit, and he would still be CEO.
This spoofing address is now also blocked at the firewall by the Email Security and Support Teams.
Other Documented Scams that may have been avoided
If University of Chicago IT Services had eMailGPS deployed, a simple geolocation check would have prevented several email scams.