Scammers are posing as CEOs over email to get payments for six-figure invoices and make HR reveal employee salaries

Increasingly, hackers posing as the CEO are scamming companies out of hundreds of thousands of dollars.

No, you’re not being paranoid. Yes, that urgent email from the CEO could actually be an evil plot.

At least, that’s what researchers from global telecoms company Verizon found in the company’s 2018 Data Breach Investigations Report, published earlier this year.

The cybersecurity report, which analysed over 55,000 data breaches and hacking attempts across 65 countries, discussed the rising trend of financial pretexting: cyber scams in which hackers obtain the email accounts of high-level business execs, or use email addresses with usernames and domains very similar to those of the execs in question.

This lets them impersonate CEOs in emails to company staff – particularly finance and HR.

Finance employees get a phony email from a scammer posing as the CEO, requesting a wire transfer of cash or the processing of fake invoices.

As for HR staff, scammers email them requesting confidential employee information, such as salary, the report added. With this information, scammers – now pretending to be the employee – then file fraudulent tax returns and send the refunds to their own bank accounts.

These scams are “lucrative”, the report said, resulting in “numerous six-figure losses.”

According to the report, pretexting scams have tripled since last year to hit 180 in 2018. This big jump is due to a surge in attacks directed at HR staff, who other studies say are often not trained to protect data.
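The lookalike usernames and domains described above can be screened for on inbound mail before a message reaches finance or HR. The following is an added example, not taken from the Verizon report or the original article; the company domain, executive list, distance thresholds and sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumed organisation data (constructed for this example).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Digit-for-letter swaps commonly seen in lookalike addresses.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(text):
    """Lower-case, fold digit swaps, and fold 'rn' -> 'm', 'vv' -> 'w'."""
    return text.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the reasons a From header looks like executive impersonation."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    reasons = []
    if domain == COMPANY_DOMAIN:
        return reasons  # genuine internal domain; account takeover needs other signals
    # External domain that matches ours after folding, or is within two edits.
    if (normalise(domain) == normalise(COMPANY_DOMAIN)
            or edit_distance(domain, COMPANY_DOMAIN) <= 2):
        reasons.append("lookalike-domain")
    for name, real in EXECUTIVES.items():
        if " ".join(display.lower().split()) == name:
            reasons.append("exec-display-name-external")
        if edit_distance(normalise(local), normalise(real.split("@")[0])) <= 1:
            reasons.append("exec-username-external")
    return reasons

if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doe@examp1e.com>",
                   "Jane Doe <ceo.office@mailbox.test>"):
        print(header, "->", check_sender(header))
```

A check like this only covers the lookalike-address case; mail sent from an executive's genuinely compromised account passes it and has to be caught by process controls such as out-of-band confirmation of payment and data requests.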