hero image

CxO Fraud More Dangerous Than Ransomware


Whilst ransomware has been making headlines lately, cyber criminals have been using the cover of the pandemic and the increase in remote working to commit what is known as “CEO fraud”. CEO fraud is not about dodgy accounting practices or money laundering. The term refers to cybercrime that involves cyber criminals masquerading as high-ranking organisation executives to trick staff into conducting fraudulent transactions. It is also known as business email compromise (BEC) or email account compromise (EAC) as the fraud is usually conducted through email.


Recent trends indicate that cyber criminals are also impersonating other board-level executives such as chief financial officers (CFO) and chief operating officers (COO), hence the term CxO.

As mentioned, CxO fraud is normally conducted through email. This is done using a combination of phishing and spear phishing techniques. Phishing is a type of social engineering attack where cyber criminals attempt to trick a person into revealing confidential information. This could be credentials, personal information, or account numbers. Phishing messages are normally “cast” out to a broader audience in the hopes of “getting a bite”. Spear phishing usually targets a specific individual or group. More effort goes into making the message believable using information found through previous phishing campaigns, social media sites and company websites.

Social engineering plays a large part in the success of CxO fraud. To an unsuspecting employee, emails are coming from a senior-level boss claiming urgent action. The CxO is often on holiday or in a meeting and not in a position to go through normal channels. This can put the employee into action without questioning the validity of the request, as time is of the essence, and they do not want to disappoint their boss.

Why should we be concerned about CxO fraud and email compromise in general?

  • According to the UK Government’s Cyber Security Breaches Survey 2021, around 79% of 654 business and charities reported some type of phishing email over the last 12 months. Reports of ransomware accounted for roughly 6%.
  • According to the Verizon 2021 Data Breach Investigations Report, phishing was present in 36% of breaches in 2020. Ransomware was present in around 16% of breaches.
  • According to the U.S. Federal Bureau of Investigation’s (FBI) Internet Crime Report 2020, BEC/EAC accounted for over $1.8 billion in losses in the U.S. in 2020. Ransomware only accounted for $29.2 million.

It takes more than a silver bullet to mitigate the risks of these attacks and reduce exposure. A multi-pronged approach is required and involves the following three pillars:

  • Employee Education - increase employee awareness so that they know about CxO fraud and how to identify an attack.
  • Documented Processes – document and implement processes that require an out-of-band response. An out-of-band response is another means to validate the request. For example, if a CxO sends an email to authorise a payment, have a process in place where the CxO is called on a known number to verify the authorisation.
  • Technology - use email authentication protocols such as Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) to protect your domains and prevent email spoofing. If possible, augment these protocols with email scanning solutions that can automatically detect CxO fraud attempts.

It is often the threats reported in the media that we pay close attention to. However, we should use all sources available to us to get a better picture of the threats that may impact our companies. Although ransomware is grabbing the headlines now, it is not necessarily the biggest threat we should be worried about.