Identifying Phishing Scams

Chief executive officers (CEOs) have high-profile jobs that make them a target for hackers or even former disgruntled employees looking to breach the company’s databases. Phishing scams are common attacks typically involving an email or private message.

A phishing scam might look like it’s from a team leader or employee. It may also appear to be from a customer or company owner. Since many companies list staff on their websites, bad players easily access information.

Fortunately, company leaders can identify and prevent data theft by following simple rules and being aware of the potential for fraud. Here is how to identify phishing scams.

1. Know the Risk

The Internet Crime Complaint Center (IC3) received 800,944 complaints in 2022 about potential internet crimes. The complaints resulted in $10.3 billion in losses. Phishing emails are just one way criminals try to get data.

When leaders understand how prevalent attacks are, they can be hyper-vigilant about how they respond to messages and emails and what credentials they share. Pay attention to business news. What attacks were successful, and how did scammers gain access? Keeping a running list of examples may prevent rushed reactions during a busy day.

2. Avoid the Story

Phishing emails often contain an elaborate story about protecting an account, financial information or company. Since CEOs and chief financial officers (CFOs) often have access to credit card accounts with high spending limits, cybercriminals may spend more time developing a believable story when targeting these individuals.

The story usually encourages the recipient to click on a link or button and input information on a website. The story could be as simple as saying the CEO needs to respond to interview questions for an article in a famous publication. Once they click on the link to the questionnaire, a keystroke logger or other malicious software can track their movements or open backdoor entries into company-wide databases.

3. Trust No Messages

Phishing scams may come from other sources, such as direct messages. With the global nature of the economy changing and more people working remotely, companies have begun using more online platforms daily. For example, the Darktrace 2023 Threat Report reveals that 83% of Fortune 500 companies utilize Microsoft products such as Teams to conduct virtual meetings.

Because cybercriminals know that most companies use the software, they attempt to trick CEOs by sending them direct messages that appear to be from a colleague. According to the same report, they identified some abnormalities delivered via Microsoft Teams in an effort to infect the target individual’s network with DarkGate malware. The hackers used SharePoint as a destination and used the name of a person. However, the person was not an employee. The hackers sent many messages on Microsoft Teams, trying to deliver fake links and infect the system.

Once a person clicked on the mock Sharepoint link, a process began where executable files and scripts were downloaded and hundreds of HTTP POST connections were made, which then went to a DarkGate endpoint.

The best way to avoid a CEO or anyone else in the company clicking on a link that might infect the entire system is to set a policy that no one clicks on links arriving via messages or emails.

4. Install Firewalls and Virus Protection

Even the most vigilant person sometimes falls for a seemingly innocuous message. Hackers might also target CEOs on a personal level, hoping to gain access to their private funds or information they can use to gain access to company databases.

People are on social media with their lives laid out for the world to see. Such personal details can lead to scams that seem almost authentic. For example, the scammer might grab the CEO’s adult child’s name from details on social platforms. They then craft an email or phone call where they pretend to be that person or a representative for them and ask for money to get out of a crisis or get home.

The scam taps into the person’s emotions and fears for their loved one, creating a sense of urgency and spawning a panic state in the recipient. They may not make decisions as clearly as they otherwise would. Although company leaders tend to measure their responses, people are human. They may click on a link and send money or open their finances to cybercriminals before realizing what they’ve done.

A good course of action for CEOs is to never click on a link or send gift card codes remotely. Always use a separate phone or way of directly contacting the loved one and ask if they sent the message.

CBS News reports Americans lost about $10 billion to online scams. The "grandchild in trouble" attempt can come through direct message, email or phone. However, scammers may also mention a wife, friend, child or relative in trouble. Although older adults are a popular target, CEOs may also fall victim to similar attempts because of their access to large amounts of funding. A valued employee needs help, the CFO wants the CEO to authorize a significant expenditure or the company owner is in trouble could all be phishing attempts personalized to the brand.

Avoid scams by slowing down responses and thinking. Ask questions only the person would know.

5. Be Cautious of Password Alerts

SC Magazine reported that fraudsters sent fake Office 365 password alerts to business owners, CEOs and other corporate leaders. Around 45% of the attempts targeted CEOs, and 9.7% went to managing directors.

Malicious phishing pages trick leaders into sharing passwords. The hackers can then get into the system and gather sensitive data. They might then steal emails and customer information or install ransomware and demand payment to release the systems a company relies on to conduct business.

CEOs should never click on a link, even from a prompted alert, but always go directly to the website or software to change credentials. If the attacker gets into the email account of a C-level executive, they can spy on the company, sell trade secrets and develop malicious schemes against the company.

6. Slow Down

Executives have a lot of work on their plate. The health of the company hangs in the balance. It’s natural to take shortcuts to speed up processes and try to accomplish more. However, sidestepping security protocols can put the entire organization at risk.

According to Forbes, around 76% of CEOs bypass company security protocols to finish things faster. Hackers know these statistics and benefit from them by creating more sophisticated phishing attacks. They create imaginary fires that the person must put out immediately and encourage them to act now.

Instead, leadership should practice pausing before responding to a sudden urgent request from an outside party or even what appears to be internal. Take a few minutes to collect thoughts before responding and follow security protocols, even if they take additional steps and time.

Create and Follow Protocols to Identify and Avoid Phishing Scams Targeting CEOs

The best way to avoid phishing attempts aimed at company leaders is to put strict policies in place for handling emails and messages. Although CEOs juggle multiple hats, security should be a cap without room for creativity or adaptation. Take the time to ensure everything is legitimate and reduce the risk of compromising company data.