Lesson 2: Business Email Compromise (BEC) / CEO Fraud

Social Engineering Training
  • Fake Executive Transfer Requests:
    • Attackers send forged emails, social media messages, or compromise legitimate accounts to impersonate company executives and instruct finance staff to make urgent payments. This “CEO fraud” especially targets finance personnel and can cause enormous losses.
    • A classic example is Mattel in 2016: a finance employee received an email impersonating the new CEO, requesting a USD 3 million transfer to a Chinese account.
    • The email used the new CEO’s signature and followed standard business procedures, even referencing an actual partner in China, which convinced the employee it was legitimate. Fortunately, Mattel detected the anomaly in time, reported it, and managed to recover the funds.
  • Sensitive Data Theft:
    • Sometimes attackers are after information rather than money. In 2016, Snapchat fell victim when someone impersonated the CEO and emailed the payroll department, requesting employee salary data. An unsuspecting employee complied, leaking internal payroll details to an external attacker.
    • The company later confirmed this was a CEO impersonation scam and reported it to authorities. This highlights how non-technical staff, such as HR, can also be deceived by fraudulent executive requests.
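Both cases above share the same signals a mail gateway or SOC triage script can check before a payment or payroll request reaches staff: an executive's display name on an external or lookalike sender domain, a Reply-To that diverts replies elsewhere, and urgent payment language. The following heuristic triage script is an added example, not part of this lesson or any vendor product; the domain `example-corp.com`, the executive names, the `bec_indicators` / `recommended_action` function names and the three sample messages are all constructed for illustration.

```python
"""Heuristic triage of inbound mail for BEC / CEO-fraud indicators.

Added example (hypothetical names and constructed samples). The point is
not to block mail outright but to hold suspicious payment or data requests
until a finance/HR employee verifies them out of band.
"""
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-corp.com"          # assumed company domain
EXECUTIVES = {"Dana Chief", "Sam Finance"}    # constructed executive roster

URGENCY = re.compile(r"\b(urgent|immediately|today|asap|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|payroll|w-?2|salary)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (e.g. 1 for l)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_indicators(msg):
    """Return a list of indicator names for a message given as a dict with
    'From', optional 'Reply-To', 'Subject' and 'Body' fields."""
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)

    # Executive's display name but the mail did not come from our domain.
    if name in EXECUTIVES and from_dom != INTERNAL_DOMAIN:
        flags.append("exec-display-name-external-sender")

    # Sender domain is a near-miss of ours (typosquat / homoglyph style).
    if from_dom != INTERNAL_DOMAIN and 0 < edit_distance(from_dom, INTERNAL_DOMAIN) <= 2:
        flags.append("lookalike-domain")

    # Replies would go somewhere other than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        flags.append("reply-to-mismatch")

    # Pressure plus money/data request is the classic BEC combination.
    text = msg.get("Subject", "") + " " + msg.get("Body", "")
    if URGENCY.search(text) and PAYMENT.search(text):
        flags.append("urgent-payment-language")
    return flags


def recommended_action(flags):
    """Policy: any indicator means hold the message and verify the request
    by calling the executive on a number from the directory, never one in
    the email."""
    return "hold-and-verify-by-phone" if flags else "deliver"


# Constructed sample messages modelled on the two patterns in the lesson.
SAMPLES = [
    {   # Mattel-style: forged exec, lookalike domain, urgent wire request
        "From": "Dana Chief <dana.chief@examp1e-corp.com>",
        "Subject": "Urgent wire transfer",
        "Body": "Please wire USD 3,000,000 to our new partner today. Keep confidential.",
    },
    {   # Snapchat-style: genuine-looking sender, diverted replies, payroll data
        "From": "Dana Chief <dana.chief@example-corp.com>",
        "Reply-To": "ceo-desk@free-mail.example",
        "Subject": "Payroll info",
        "Body": "Send me all employee W-2 data asap.",
    },
    {   # Benign external mail
        "From": "Pat Vendor <pat@vendor.example>",
        "Subject": "Lunch",
        "Body": "Are we still on for Thursday?",
    },
]

if __name__ == "__main__":
    for m in SAMPLES:
        f = bec_indicators(m)
        print(m["Subject"], "->", f, "=>", recommended_action(f))
```

The heuristics are deliberately cheap and will produce false positives (a genuine executive travelling and mailing from a personal account trips the first check); that is acceptable because the action is a hold plus a phone call, not a rejection, and a policy that every unusual transfer or bulk payroll request is confirmed out of band is what stopped the Mattel loss.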