On March 8th 2018 the chief executive and the financial director of Pathé Netherlands, part of cinema-company Les Cinémas Gaumont Pathé, receives an e-mail of the French head office with an interesting request. Pathé Netherlands should transfer the French head office 826.521 euro’s as soon as possible, because the mother company wants to take over a company in Dubai in secret. Management is suspicious but listens to the French head office and transfers the money.
After the first e-mail more requests to transfer money to the French head office follow. The numbers vary between 2.5 and 5.8 million dollars.
Fast forward a couple of weeks later the French head office calls the Dutch management team: why is Pathé transferring so much money?
CEO-fraud is on the rise
What happened here? As it turns out Pathé didn’t communicate with the actual head office, but with a cybercriminal who pretended to be part of the French head office. In the end, the financial director and chief executive transferred 19 million euro’s to the cybercriminals. And that money is never coming back.
We call this form of fraud CEO-fraud and it’s on the rise. According to the FBI this form of fraud, where someone pretends to be the executive of a company, cost companies 1.2 billion dollars last year. Cyberfraude costs companies in Belgium 94000 euro’s on average, a study by BDO Belgium finds. When a company winds up being the victim of CEO-fraud, the costs can get as high as 350.000 euro’s, techwebsite Tweakers writes.
This is a social engineer
CEO-fraud is only one tool the social engineer uses. A social engineer is someone who pretends to be someone else to gain sensitive knowledge. Often this knowledge is the beginning of access to more knowledge: think passwords but also personal information like your date of birth or the document number of your passport.
Social engineers use CEO-fraud to gain access but they are also fans of phishing, where they for example pretend to be your bank to gain your financial information. These e-mails have long surpassed the level they used to have when they were pretending to be a Nigerian prince. These days, it’s incredibly difficult to see if an e-mail is real or a phishing mail. Not sure if this is true? Put yourself to the test in this Google-quiz.
The world through the eyes of a social engineer
Phishing and CEO-fraud are two examples but a serious social engineer has many more tricks up his sleeve. Want to protect your organization? Learn to think like a social engineer. When you look at your organization through the eyes of a social engineer, all these vulnerabilities you hadn’t seen before will become clear to you.
Want to know more?
At Global Knowledge we teach you how to recognize the social engineer, but also how you can protect your organization against him. Have a look at the possibilities by clicking the button.
Just remember – social engineers are everywhere and it’s just a matter of time before they try to get into your organization.