Daily Mirror - Print Edition

Cybersecurity firm Kaspersky uncovers sophisticated CEO impersonation scam

22 May 2025

Kaspersky has detected a series of targeted cyber attacks in which fraudsters impersonated company CEOs to deceive finance departments into paying fake invoices. These sophisticated Business Email Compromise (BEC) attacks involved emails mimicking correspondence between executives and alleged contractor companies, pressing for urgent payment for "consulting services."

The attackers meticulously forged executive identities, creating convincing but fake email threads. A key tactic involved using sender email addresses that had no connection to the displayed sender names, which often included the name of a fictional partner company. In some instances, the fraudulent invoice was attached, while in others, the email itself served as the demand for payment.

Anna Lazaricheva, a spam analyst at Kaspersky, noted, "This attack stands out for its meticulous attention to detail and exploitation of trusted relationships." She emphasized that attackers bank on employees' reluctance to question seemingly authentic high-level requests.

Kaspersky advises organizations to scrutinize sender email addresses, not just display names, and to verify suspicious requests through alternative communication channels.

“When a sender is legitimate, but the content of the message seems strange, it is worth checking with the sender via an alternative means of communication. Check the spelling of a website’s URL if you suspect you are faced with a phishing page. The URL may contain mistakes that are hard to spot at first glance, such as a 1 instead of I or 0 instead of O. Use a proven security solution when surfing the web,” Kaspersky advised.
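The advice to check the sender address rather than the display name can be automated at the mail gateway or in triage. The following is an added example, not code from Kaspersky or from this article; the domains, the executive name, the company-marker words and the sample headers are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumptions for this example: the organisation's own mail domains, the
# executives likely to be impersonated, and words that mark a company name.
INTERNAL_DOMAINS = {"example-corp.test"}
EXECUTIVES = {"jane doe"}
COMPANY_MARKERS = {"ltd", "llc", "inc", "gmbh", "group", "consulting", "partners"}


def check_sender(from_header):
    """Return the reasons the display name and the real address disagree."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    words = re.findall(r"[a-z0-9]+", display.lower())
    name = " ".join(words)
    findings = []

    # An executive's name shown on an address outside the organisation's domains.
    if any(e in name for e in EXECUTIVES) and domain not in INTERNAL_DOMAINS:
        findings.append("executive name on external address")

    # The display name reads like a company, yet none of its distinctive
    # words occur anywhere in the sending domain.
    if set(words) & COMPANY_MARKERS:
        distinctive = [w for w in words if w not in COMPANY_MARKERS and len(w) > 3]
        if distinctive and not any(w in domain for w in distinctive):
            findings.append("company name unrelated to sender domain")
    return findings


# Constructed sample From headers (not taken from real messages).
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.test>",
    "Jane Doe <office8841@mailbox.test>",
    "Northwind Consulting Ltd <billing@northwind-consulting.test>",
    "Jane Doe via Northwind Consulting Ltd <k3x@mailbox.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A finding here is a reason to verify the request through another channel, not proof of fraud; legitimate mail sent through third-party services can trip the same checks.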