Increase in CEO Frauds - This time in Denmark

Morten Møller Nielsen

Morten Møller Nielsen

IT Security Consultant

January 21, 2020 at 10:05

CEO fraud scams have been increasing in volume and variety for several years. Several cases in Denmark seem to have the same attacker. Awareness and sticking to company procedures will increase cybersecurity level to prevent future attacks.

Danish companies on target

At the end of 2019, at least three attacks against Danish companies succeeded in stealing large amounts of money (we’re talking about millions). Based on the short period of time and the method, it’s most likely the same hacker. This is what happened in all three cases:

  • A partner or subcontractor was compromised.
  • The hacker follows/reads the e-mail correspondence.
  • The companies agree on an amount for the service.
  • The hacker creates a typosquatting domain (also called URL hijacking, a sting site, or a fake URL) and forwards an invoice with their own account number.
  • The hacker keeps following the correspondence with both companies to delay their perception of something that has gone wrong.
CEO frauds (cyber-attack by phishing) are increasing.
CEO frauds are increasing.

This is a typical example of a CEO fraud, but what is interesting in these cases, is the short period and the similar method in all cases. These attacks differ from past CEO frauds because they were conducted through a compromised subcontractor and because the hacker keeps following the correspondence.

An everyday phenomenon

CEO fraud scams have been increasing in volume and variety for several years. Especially during vacation times, cybercriminals take advantage of the opportunity that arises when temporary workers man offices and the probability of a successful scam is higher than usual.

These scams are a form of cyber criminality. The criminals acquire information about the company and its executives and approach those who are responsible for making payments with a fake e-mail in which they request an urgent or exceptional payment. The e-mail is often signed by the CEO and looks real.

In some cases, a CEO scam is related to a data security breach. This makes the scam very challenging for the person who is targeted. The data security breach has given the criminal access to the organization’s data systems, where they can learn about organizational finances or, for example, future acquisitions. These scams differ from typical payment scams as they are more sophisticated, and the sums paid can be substantial.

What to do?

An organization can do a lot to prevent scams. The organization’s own pre-planned and established processes play a crucial role in stopping cyber-attacks. Education and training on information security matters for all staff can stop an attack or at least reduce the probability of it being successful.

In addition to this, constant vigilance is required of all staff. The following tips will go a long way:

  1. Always use the processes and practices for approving and handling payments that your company has agreed on. Remember this also in exceptional situations where you are in a hurry.
  2. Always check the account number, is it the same as before? Double-check by phone or consult your cybersecurity advisor if you're in doubt.
  3. Never disclose information about the technology your company uses over the phone and never give your passwords or usernames to anyone.


Want to keep track of what's happening in cybersecurity? Sign up for Nixu Newsletter.

Related blogs