According to the FBI, between December 2016 and May 2018 there was a 136% increase in identified global losses related to email scams such as executive fraud—when perpetrators impersonate high-ranking executives and demand sensitive information from company employees. These losses resulted in $12.5 billion in exposures between October 2013 and May 2018 (source).
With this potential financial benefit, malicious actors are increasing their use of executive fraud email attempts. As business leaders continue to adjust their security strategies to account for changes in fraudulent tactics, still our best defense is to be educated on how to identify these threats if they do land in our inbox.
6 Questions to Ask to Detect Executive Fraud Emails:
- Does the “From” address reflect the person who sent the email?
- Look for any misspellings and hover over the address to reveal the true address of the sender.
- Does the email contain poor spelling and/or grammar?
- Malicious actors produce these attempts from across the globe and rely on translators to populate email content.
- Does the message ask for personal information?
- Never provide personal information over email, instead contact the known source directly.
- Does the message ask for money and/or financial information?
- Never act on a transaction from email exclusively—contact the proper source directly.
- Does the message have a high-level of urgency with little to no details?
- This is a common tactic to lower our guard and get us to act without thinking.
- Does this email feel out of character for this sender?
- If you have interacted with the sender before you will recognize the tone, signature, and email structure. If it doesn’t match, don’t trust it.
There are two major don’ts whenever there is an email in question:
- Don’t click on any links.
- Don’t open/save any attachments.
ALWAYS REMEMBER: If an email feels out of the ordinary, personally verify its validity through means other than email, like a phone call.
Following these guidelines will help in identifying a possible executive fraud email.
Learn more about executive fraud email: