CEO fraud

CEO fraud is also known as Fake President fraud and as Business Email Compromise (BEC). In Chinese it can be rendered as “假冒总裁骗术”; it is a long-established social-engineering scam that has been running rampant for many years.

It is worth noting that many websites and companies translate the English term social engineering as “社交工程” and social engineer as “社交工程师”; this is a serious mistake.

The only correct translation of social engineering is “社交诈骗” (social fraud), and a social engineer is a “社交诈骗分子” or “社交骗子” (social fraudster, social swindler).

Social engineering is a very broad topic; this article covers only part of CEO fraud (假冒总裁骗术).

CEO Fraud is a scam in which cybercriminals spoof company email accounts and impersonate executives to try and fool an employee in accounting or HR into executing unauthorized wire transfers, or sending out confidential tax information.

The FBI calls this type of scam “Business Email Compromise” and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.”

How the fraud works

Using a fake identity, the scam consists of convincing an employee of the company to make an emergency bank transfer to a third party, supposedly on the orders of a senior executive, under a pretext such as a debt to be paid, a contractual provision, or a deposit.

These frauds are run by well-organised criminal groups with thorough knowledge of the market, structure and customers of the companies they attack. That knowledge supplies every argument they need to convince the victim and steer them in the intended direction.

Typical Scenario

  1. Establish contact
  2. Urgent and exceptional request
  3. Persuasive dialog
  4. Transfer order
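As an added illustration (not part of the original article), the Python check below flags the mailbox-level signals of the scenario above: an executive's display name arriving from outside the company domain, a Reply-To pointing somewhere else, and urgency or payment language. The company domain, executive names and sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"           # assumed company domain (constructed)
EXECUTIVES = {"jane doe", "john smith"}   # assumed executive display names (constructed)
# words typical of the "urgent and exceptional request" / "transfer order" steps
URGENCY = re.compile(
    r"\b(urgent|immediately|asap|confidential|wire transfer|bank transfer)\b", re.I)


def bec_indicators(msg):
    """Return the list of BEC indicators found in a message dict.

    msg has keys: from, reply_to (may be empty), subject, body.
    """
    reasons = []
    name, addr = parseaddr(msg["from"])
    from_domain = addr.rpartition("@")[2].lower()
    # an executive's name on a message that did not come from the company domain
    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        reasons.append("executive display name from external domain")
    # replies silently redirected away from the visible sender
    if msg.get("reply_to"):
        _, reply = parseaddr(msg["reply_to"])
        if reply.rpartition("@")[2].lower() != from_domain:
            reasons.append("reply-to domain differs from sender domain")
    hits = {m.lower() for m in URGENCY.findall(msg["subject"] + " " + msg["body"])}
    if hits:
        reasons.append("urgency/payment language: " + ", ".join(sorted(hits)))
    return reasons


def is_suspicious(msg):
    # require two independent indicators so an ordinary "urgent" note alone does not trip it
    return len(bec_indicators(msg)) >= 2


# constructed sample messages: two fraud attempts and one legitimate internal notice
SAMPLES = [
    {"from": "Jane Doe <jane.doe@example-mail.net>", "reply_to": "",
     "subject": "Urgent wire transfer",
     "body": "I need you to process a wire transfer immediately. Keep this confidential."},
    {"from": "Jane Doe <jane.doe@example.com>", "reply_to": "jane.doe@example-mail.net",
     "subject": "Payment", "body": "Please send the bank transfer immediately."},
    {"from": "IT Helpdesk <helpdesk@example.com>", "reply_to": "",
     "subject": "Urgent: password expiry", "body": "Your password expires tomorrow."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], "->", "SUSPICIOUS" if is_suspicious(m) else "ok", bec_indicators(m))
```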