How to protect your business from executive impersonation

Last updated on: June 8, 2022

Executive impersonation, also known as ‘CEO’ fraud, is the impersonation of trusted executives by hackers – and it’s on the rise. This can lead to employees, customers, or partners giving away sensitive information or money without so much as a second thought. 

Impersonation scammers operate in a range of ways, such as through email phishing, fake social media accounts, and domain spoofing. Executive impersonation is highly lucrative for cybercriminals – and extremely damaging to companies: according to the Federal Trade Commision, impersonation scams cost businesses $2 billion from 2020 to 2021. 

In this article, we help you to understand how executive impersonation works, why it’s more important than ever to protect your business against it, and how to do it. 

What is executive impersonation?

Executive impersonation is when a cybercriminal pretends to be someone working at the company, usually in a leading position. Using fake profiles, they contact other executives, business partners, or customers to defraud them of money or sensitive data. 

How does executive impersonation work?

Executive impersonation scammers have a lot to gain from pretending to be company executives, and what they ask for generally fits into four categories:

• Fund transfers: Cybercriminals will use their disguise as a senior member of the company to ask victims to wire them money in the form of a payment, a salary, or a budget, for example.
• Access to networks: Gaining access to databases is sometimes the goal of the cybercriminal. They may impersonate a senior manager in an email to the IT department to ask for such access.
• Fraudulent sales: A common scam is where cyber-impersonators offer non-existent products and services to customers, receive the payment, and never deliver anything in return. 
• Access to data: False personas will try to extract information by asking questions. For example, a customer service agent may ‘help’ customers to recover their account or credentials by asking them a series of questions that will then enable them to access their accounts and siphon away money. 

Why should businesses be concerned about executive impersonation scams? 

The pandemic caused this type of cybercriminal attack to skyrocket. With company employees working from home, electronic communication was the only means for executives and employees to contact one another. And there’s no better hiding place for fraudsters than the internet.  

This led to a steep rise in executive impersonation via a range of methods, such as email phishing scams, fake social media accounts, and domain spoofing. Between March and September in 2020, around 7000 company CEOs were impersonated. 

The pandemic may be nearing its end and some employees are returning to the office, but be wary of letting your guard down. With flexible and remote working becoming increasingly popular and set to increase in 2023, it’s more important than ever for businesses to prevent outsiders from pilfering millions of dollars under the electronic guise of company peers.

How to spot an impersonation scam?

Anyone can fall for a scam. Cybercriminals are becoming increasingly cunning in the way they acquire the information they need, and it can be difficult to spot the wolf in sheep’s clothing. 

If you’re worried that someone may be impersonating an executive at your company, these are some of the signs you should be looking out for:

• Spoof domains: A spoof domain is a web domain that looks like yours, but is in fact a fraudulent site. Attackers use these spoofing techniques to slip past defenses, so look out for slight variations or misspellings of the real domain name.
• Urgency: Hackers pose as senior figures in the company and request the employee to send them sensitive information or money at short notice. Wanting to impress their bosses, employees may be more prone to acquiescing without question.
• Difference in tone: Is the tone, or are the words, this executive is using out of the ordinary? If so, he or she could be an imposter.
• Personal email addresses: Executive impersonators email employees with financial requests from fake email accounts, or perhaps the email address is slightly different to the company address.
• Watch out for opening lines: Impersonators may first bait the employee with an opening line such as “Are you at your desk?”. This way, they can see who responds and already, their grip around your business tightens.

4 ways to prevent executive impersonation scams

No one particular industry is targeted by executive imposters. Often, they are simply businesses with a compromised email system or the business operates via an unprotected business network. 

The best way to protect your business from hackers is through preventative measures. Below is a list of ways you can guard your business against intruders and potentially devastating losses:

1- Educate your employees

Prevent scams by telling your employees what to look out for. Unusual emails, personal email addresses, urgency, tone: educate them about how executive impersonation works and the signs they should be wary of.

2- Keep up to date with the latest scams

The chances are if your business is being scammed, you are not the only one. Keep your ears open and read the news for any scam alerts, and alert your employees to new scams targeting businesses.

3- Ensure payment controls

Every business should configure their financial transaction systems to have secondary authentication. This could be in the form of an authorization code from an outside platform, or a phone call with the finance controller before the transaction takes place.

4- Proactively protect your business

There are some fundamental difficulties when it comes to tackling executive impersonation scams. It only takes a minute to set up a new email address or fake domain name, so you may identify and report one scammer – only for another to pop up somewhere else. This can be bypassed with technology-based solutions that stop impersonation scams in their tracks – and at scale. 

Red Points Impersonation Removal Software automatically detects and takes down fake accounts, apps, sites and domains. It’s an all-encompassing solution that protects your business from impersonation scams around the clock.

What’s next?

Let’s summarize the key points from what we have learned:

• Executive impersonation fraud is used to acquire money, sensitive data, network databases, and sell fraudulent products.
• Businesses are losing billions in revenue every year to executive impersonations, as well as risking their reputations.
• The most effective way at tackling impersonation scams is by using specialized software to detect and remove the impersonation.

See how you can automatically take down fake accounts, apps, sites and domains with Red Points.