Identified Operations

Intrusion Prevention to enforce Identity Verification (CEO FRAUD)

CEO Scams and Social Engineering: Social engineering is the use of human behavior to accomplish a goal. In the case of email scammers, there is an element of surprise that comes with being attached over an email. The people who setup these email scams never planned on an email client having geolocation visibility. Some scammers will block their IP address, in an attempt to avoid IP address checking all together. But, if the CEO sends you an email and it usually comes from California, and the suspect email has a blocked IP address… the email user still knows a scam is at hand.

Identified Microsoft Outlook Add-in

High-Value Shield Protection

geolock

 

eMailGPS Outlook Identified Add-in

eMailGPS Identified, enforces email user geolocation verification before sending high-level emails to fight against executive scams, A great solution for small-to-medium (SMB) business protection.

GeoLockTM 

Identification Compliance

Provide security compliance by enforcing email user geolocation verification before responding to email addresses with high value targets like CxO staff, purchasing, procurement, etc.

Intrusion Protection in Action Preventing a CEO Scam

CEO Normal Operations

When the CEO sends you emails….                                                     They come from your company’s email server…

CEO Normal Operations

CEO Compromised Operations

When someone spoofs(fakes) your email address…                  They come from somewhere else…

CEO Compromised Operations

CEO Scam at FACC

CSO Reports on May 26,2016. FACC’s board on Wednesday fired Walter Stephan, CEO of the Boeing and Airbus supplier, due to errors made in connection with what it called a “president fraud incident” that the firm discovered in January. Fraudsters collected €52.8m ($47M USD), FACC said that its share price had fallen 38% since the incident.

The result of a January 2016 Spoofing Loss…

The fraud also left FACC with an operating loss of €23.4 million, compared with a €18.6 operating profit had the incident not occurred.

FACC Effect on $47M FRAUD

Before being stood down, Stephan told investors at the firm’s full year results on Wednesday,: “The fraud did not take place via our Internet or IT system but by means of a simulated email correspondence under my name, which does not require any hacking.”

FACC Press Release

EANS-Adhoc: FACC AG / Chief Financial Officer Mandate Terminated. Reorganisation of Financial Department

Board of Directors (Appointments and Changes)

03/02/2016 Adhoc FACC AG announces that the mandate of Ms. Minfen Gu as chief financial officer of FACC AG terminates with immediate effect. The Supervisory Board initiated the search for a successor. To the current state of the forensic and criminal investigations, the criminal activities which targeted the financial accounting department were fraudulent actions involving the use of a fake identity (so-called fake president fraud). FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. No evidence of malware has been identified. The management board is fundamentally reorganizing the financial department and pursuing damages and insurance claims. To assist the management board in the reorganization of the finance department, the supervisory board appointed its member, Mr. Yongsheng Wang, on an interim basis to the management board.

Further inquiry note:

Manual Taverne
Director Investor Relations
Mobil: 0664/801192819
E-Mail: m.taverne@facc.com

The results could have been quite different…

Had the CEO only had eMailGPS,  he would have seen that the IP Address was in China and he expected Redmond, WA… he could have notified the Email Security and Support Teams and he would have mitigated the €52.8m ($47M USD) loss, the 38% Stock drop, the company would have reported a €18.6 ($21M USD) operating profit and he would still be CEO.

High Valued Shield Intrusion Protection - Identification

 

With eMailGPS…

The this spoofing address is now also blocked by the Firewall by the Email Security and Support Teams.

High Valued Shield Intrusion Protection - Firewall Update Stops Intrusion

Other Documented Scams that may have been avoided

If University of Chicago, IT Services had eMailGPS deployed a simple geolocation would have prevented several email scams.