Socially engineered CEO impersonations target new hires

Jan. 30, 2024
This a threat because employees, especially newer ones, are less likely to question directives that seem to come from the top

In the evolving landscape of corporate communication, CEO impersonation is a growing trend presenting significant risks for organizations, particularly through diverse communication channels. Impersonation attacks, often executed through social engineering, can have devastating impacts on businesses including monetary loss, brand damage and data loss.

These incidents go beyond traditional email phishing, extending into more personal channels like text and mobile messaging. The attacks are tailored to exploit the vulnerabilities of employees, like new hires or remote employees who may be more isolated and potentially less aware of organizational communication norms.

But why CEO impersonation? The answer lies in the authority and trust associated with the role. Employees, especially newer ones, are less likely to question directives that seem to come from the top. This inherent trust in leadership makes CEO impersonation a particularly effective and dangerous form of fraud.

Rising Threats of CEO Impersonation

CEO impersonation scams are increasingly challenging to detect. Spam filters often fail to catch impersonation emails, leaving even the most vigilant employees vulnerable. These scams can lead to substantial financial losses, time wastage, and leaks of sensitive information.

Common impersonation indicators include:

  • Incorrect email address
  • Unusual requests
  • Unusual language, grammar, and spelling
  • Urgent tone
  • Emphasis on confidentiality
  • Unsolicited contact or attachments
  • Domain spoofing
  • Suspicious links or attachments

Traditionally limited to email-based phishing, CEO fraud is evolving rapidly. Cybercriminals are now exploiting other communication platforms, including social media channels, to conduct these scams. With the aid of artificial intelligence (AI), these attacks are becoming more sophisticated. Using AI-powered tools to mimic voices and speech patterns makes these scams more convincing and harder to detect.

Traditionally limited to email-based phishing, CEO fraud is evolving rapidly.

Vulnerable Groups at Risk

New hires can be particularly susceptible to CEO impersonation scams. Unfamiliar with the company's communication norms and executive team, they might not recognize fraudulent requests. This vulnerability emphasizes the need for comprehensive training for new employees on cybersecurity best practices and recognition of potential scams.

The rise of remote work has also amplified the risks of executive impersonation. Lack of direct oversight and potentially lower cybersecurity measures in home offices provide a conducive environment for such attacks. Additionally, the lack of cybersecurity awareness among employees can lead to inadvertent disclosures of sensitive information or in compliance with fraudulent requests.

Mitigating the Risks

One of the first steps organizations can take to effectively combat CEO impersonation is establishing a robust verification protocol for executive requests and implementing multi-factor authentication (MFA). Regularly updating these protocols and conducting employee training sessions on identifying and responding to suspicious activities are crucial.

Beyond these standard protocols, every organization needs visibility. With a growing shift toward new communication channels such as SMS, WhatsApp, Signal and other workplace messaging apps like Slack or Microsoft Teams, multi-channel coverage with full visibility is no longer a “nice to have.” To protect against business communications attacks, unified visibility across multiple communication channels is necessary. Utilizing contextual AI also provides comprehensive visibility that can be especially beneficial in detecting subtle signs of impersonation and other sophisticated threats that traditional methods might miss. This offers an additional layer of defense in a landscape where CEO impersonation tactics are constantly evolving.

As CEO impersonation tactics expand across various communication channels, businesses must proactively address these risks. This involves not only technological solutions like MFA, email filters, and unified visibility but also a strong emphasis on employee education and creating a vigilant organizational culture, especially for vulnerable groups. Orientation in cybersecurity practices is essential to fortify the first line of defense against such sophisticated attacks.

Steven Spadaccini is the Chief Product Officer and Acting Chief Technology Officer of SafeGuard CyberSteven is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Before joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), and DTEX Systems as well as several other cyber security startups.

About the Author

Steven Spadaccini | VP Threat Intelligence, SafeGuard Cyber

Steven is a seasoned senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Prior to joining SafeGuard Cyber, Steven held senior VP leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix), and DTEX Systems as well as several other cyber security startups.