Your cyber intelligence source

How to spot and stop CEO impersonation scams

How to spot and stop CEO impersonation scams

Your most valuable assets – your executives – are also a criminal's most potent weapons. Here’s what happened with the recent M&S CEO voucher scam, and how you can look out for it…

It’s vital that businesses monitor social-media posts more closely, following a recent discovery of content on Facebook claiming to be the CEO of Marks & Spencer offering vouchers. The activity highlights the growing threat of impersonation scams.

The adverts showed a man, claiming to be M&S CEO Steve Rowe, holding M&S branded bags. They urged people to click on a link with a chance to win a goodie bag and £35-worth of vouchers – in efforts to steal personal data.

In a statement, Marks & Spencer said: ‘We have been made aware of this and it isn't genuine, our colleagues are investigating further.’ Think tank Parliament Street’s cyber research team discovered the fraudulent ads.

The incident has led to calls for businesses to do more to protect their branding and senior executives’ reputations from the vagaries of social media.

The social beasts
“The best thing an organisation can do is to have an active social-media team that monitors the space and reacts to any such scams emerging as soon as possible, said Kevin Reed, CISO at Acronis, “this should also include having a clear statement on the company's website that explains where all official competitions are referenced. And it should include advice recommending users be careful when they asked to provide personal information.”

Tim Helming, security evangelist at DomainTools, told SC Media UK that the name or likeness (in terms of electronic media) of a CEO can be a powerful part of a company’s brand. “This means that CEOs, along with other executive leadership, must be proactive in building their legitimate social-media presences, to help make impersonation more difficult.

“If a CEO has little-to-no online presence then the first fraudster who successfully establishes that presence, illegitimately, gains an advantage.”

Zeki Turedi, CTO, EMEA at CrowdStrike, told SC Media UK that CEOs need to remember they must protect their customers and brands at all cost: “Voucher scams are a simple example of how actors can easily mis-use and target a legitimate company’s customers for malicious reasons.

“Whatever the threat, advanced or opportunistic, it is paramount that organisations and CEOs understand the cyber threats out there. Be it via investing in the right technologies so security teams can move quickly to shut down any intrusions or identifying fraudulent sites using their branding.”

Impersonation, impersonation, impersonation
Phil Hay, head of threat intelligence analysis at cybersecurity company Mimecast, said that it is not a surprise to see the CEO impersonated, as from his firm’s analysis CEOs are currently the most targeted candidates in these ‘project-related’ impersonation attacks. This is unlikely to change.

“Our research has shown that 36.4 % of IT professionals surveyed in the UK say their organisation’s CEO is the most targeted exec. Variations or further development of this type of tactic is also likely to include impersonation of other key and senior personnel within organisations, in an attempt to induce compliance with the instructions given. The public must be aware of these attacks and do their due diligence before entering personal information.”

Upcoming Events


How to Automate the Lifecycle of Joiners, Movers, and Leavers With No-Code Solutions

Streamlining the lifecycle of joiners, movers, and leavers using no-code automation

The process of onboarding new employees and quickly removing departing staff profiles can be both time-consuming and labour-intensive.
In this live webinar, we will look at how to streamline these processes to save time and resources, and providing a smooth experience for both admins and employees.

Key takeaways:
  • Understanding the importance of securing the joiners, movers and leavers process
  • Exploring successful attacks that occurred due to errors in managing these transitions
  • Discover which advanced controls can be utilized
image image image