What is CEO Fraud/BEC?
Cyber attackers continue to evolve an email attack called CEO Fraud, or Business Email Compromise (BEC). These are targeted email attacks that trick their victim into taking an action they should not take. In most cases, the bad guys are after money. What makes these attacks so dangerous is that cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there are no infected email attachments or malicious links to detect. Here is how the attack works.
The cyber attacker uses the Internet to research their intended victim and the people their victim interacts with. For example, if they target you, they would research who your boss is at work or perhaps a real estate agent you are working with from home. The cyber attacker then crafts an email pretending to be one of these people and sends it to you. The email is urgent, requiring you to take an action right away, such as processing an invoice, changing who you make a payment to, or replying with sensitive documents. The email works by pressuring you into doing what they want.
Increase in financial cyber threats in Turkey
According to a Financial Cyber Threats report by a private software company, attacks in the financial sector are becoming increasingly enterprise-focused.
The data shows that the number of financial cyber threats targeting users in the corporate sector in Turkey, especially banking Trojans, increased from the first quarter to the second quarter of 2022. Financial phishing attempts against banks and e-commerce also increased during this period.
A banking Trojan is a type of malware that is widely used to steal data stored or processed through online banking systems, e-payment systems and plastic card systems. The number of corporate users attacked by banking Trojans in Turkey increased by 11 percent in the second quarter of 2022 compared to the first quarter.
Financial phishing is rapidly gaining momentum in the region as a way to steal information. Phishing is a type of online fraud in which fraudsters send fake alerts from banks, e-payment systems and other organizations to trick consumers into sharing their financial information. Alerts sent by the scammer may be related to data loss, updating credentials, or a system failure that led to the theft of passwords, credit card numbers, bank account details and other confidential information.
8 Tips to Detect a Phishing Attack
– Beware of typos and visual flaws in messages.
– Be wary of providing your confidential information.
– Be careful even if the email sender appears to be trusted. If you are suspicious, contact the sender by phone and get confirmation for the email.
– Don’t be tricked by the beautiful design of a website, even if it looks like an official one. Use the web address of the relevant institution or organization that you know.
– If you don’t know the person who sent the email, be careful: don’t click on any links and don’t open the attached file.
– Be careful if the email does not use an appropriate address.
– Don’t rely on emails asking you to take immediate action.
– Always be very careful about email attachments.
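
Because a BEC message carries no attachment or link for a filter to catch, the warning signs described above (a trusted name on the wrong address, urgency, a payment request) are what a mail check has to look for. The Python below is an added example, not part of the original article; the contact directory, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hypothetical directory of people the recipient really deals with.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}

# Assumption: small illustrative keyword lists, not a complete vocabulary.
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)
PAYMENT = re.compile(r"\b(invoice|payment|wire transfer|bank account)\b", re.I)

def body_text(msg):
    """Return the concatenated text/plain content of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def bec_indicators(raw):
    """List the BEC warning signs found in one raw email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    found = []
    # A familiar display name on an address that is not that person's.
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if known and addr.lower() != known:
        found.append("sender_mismatch")
    if URGENCY.search(text):
        found.append("urgency")
    if PAYMENT.search(text):
        found.append("payment_request")
    return found

def needs_phone_check(raw):
    """Impersonation plus pressure or money: confirm by phone before acting."""
    found = bec_indicators(raw)
    return "sender_mismatch" in found and len(found) > 1

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Jane Doe <jane.doe@example-billing.test>\n"
           "Subject: Urgent: invoice\n\n"
           "Please process this invoice right away and pay into the new bank account.\n")
GENUINE = ("From: Jane Doe <jane.doe@example.com>\n"
           "Subject: Meeting notes\n\n"
           "Here are the notes from Tuesday.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bec_indicators(raw), needs_phone_check(raw))
```

Keyword matching only flags a message for a closer look; the confirmation itself is still the phone call to the real sender.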