MediaPro’s Steve Conrad Weighs In on Compliance Week C-Suite Impersonation Story

On: October 21, 2016
MediaPro's Steve Conrad comments on the need for c-suite security awareness in a Compliance Week story on executive business email compromise.

Executive impersonation schemes, categorized by the FBI as business email compromise (BEC) scams, are on the rise, reports Jaclyn Jaeger of Compliance Week.

According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams have affected more than 22,000 domestic and international victims, resulting in $3 billion worth of losses.

Unlike regular phishing attacks, malicious actors research both the victim, and the executive they are impersonating, in order to appear convincing enough to get what they need, Jaeger writes. Information can be gleaned from pretty much anywhere, including publicly-available information like social media and company websites.

According to Jaeger, this knowledge is used to craft emails that appear to be from an executive’s third-party email account offering excuses such as “I’m working remotely and don’t have access to work email,” for why the email is not coming from a work account.

There are a number of these red flags you can look for, such as an element of secrecy or urgency, Jaeger writes. More importantly, basic cybersecurity awareness can help determine the validity of these requests. MediaPro’s Steve Conrad tells Jaeger:

“People need just be aware of what those (red flags) are through communication and education to really help them understand what to look for in those instances,” Conrad told Jaeger.

As Conrad mentions, employee awareness and education are both crucial in successfully identifying these threats:

“Risks change all the time,” Conrad says. Executive impersonation schemes, for example, weren’t on the radar two years ago. “How many training programs have something like this? They don’t. As these new risks come up, you need to get these training nuggets out to the right people as soon as you can,” Conrad says. “People need to look at the ongoing education as a process not an event.”

Please click here to read the full article.

Note: The article requires a subscription to view in full.

Share this Article

Related Articles

MediaPro's Steve Conrad talks with CSO Online about the importance of teamwork between HR and IT to safeguard cybersecurity.
MediaPro’s Steve Conrad Quoted by CSO Online on the Need for Better Teamwork Between IT and HR
Join MediaPro Founder and Managing Director Steve Conrad as he outlines the impact of a risk-aware corporate culture.
Video: MediaPro Best Practices: Why Prioritize Employee Awareness?
Recently, MediaPro Managing Director Steve Conrad chatted with Thor Olavsrud of CIO.com on about what makes security awareness programs work.
CIO.com Features MediaPro in Story on Crafting Effective Security Awareness Programs
Learn from MediaPro Founder and Manager Director Steve Conrad how make the business case for a robust employee awareness program
Video: MediaPro Best Practices: Making the Business Case for a Robust Awareness Program