The president scam is a growing practice. The idea of staying at the other end of the screen and getting €500,000 in one fell swoop has made this attack an activity that many hackers indulge in. These methods expose a large number of companies to the risk, and merit a closer look.
Understanding the president scam
To understand thepresident scam, you need to have an overview of what a transfer order is and how it works. This is a funds transfer order which is binding on the issuer. It involves a transaction from one bank account to another. In general, transfer orders can be made in one of three ways: at your bank counter, by post or via the Internet. These means, which depend on the bank, will also affect the security of your bank account in different ways. It should be noted that these aspects are linked to the transfer prerequisites.
For example, to make a transfer order by post or at your bank’s counter, you’ll need a piece of identification which, of course, tells us who you are. In addition, we add your account number, the date, the name and address of the beneficiary, the amount to be transferred and your signature. Unlike this framework, Internet transfer orders dematerialize these prerequisites, but require them in an online banking area from which you can control everything. All in all, there are several transaction levels from which a false transfer order can be triggered, i.e. a transfer order that does not actually have the owner’s approval.
So, whether it’s an employee who validates a transaction thinking it’s been endorsed by his boss, or an individual who forges a normal transfer order for personal profit, this practice is part of the list of forged transfer orders. More specifically, however, forged bank transfer orders , also known as the “president scam”, concern companies where ill-intentioned individuals most often request a transfer on the basis of an illegitimate document.
How do scammers do it?
While it may seem simple to some, the president scam requires a relatively advanced knowledge of computers, making it an attack on the official hackers’ list. Indeed, between impersonating an individual and sending e-mails in their name, these are acts of spear-phishing. To get the conversation started, we usually communicate by e-mail. The process involves several techniques.
The aim here is for the scammer not only to take advantage of the element of surprise, but also to generate a sense of urgency in the employee. In the first case, there’s a good chance that the conversation was the first with the alleged CEO. In the second, driven by the first, the employee is motivated not to disappoint his boss, who has “trusted” him to “keep a surprise secret”, for example.
It’s a strategy in the vein ofsocial engineering. Unlike the previous technique, this one relies on time. By playing on more enduring emotions such as trust, the hacker gradually persuades his victim to accede to his request . His strong point remains the employee’s lack of knowledge of the real CEO.
This is undoubtedly one of the most dangerous techniques in the president scam. Thanks to advances in deep-learning, software can be hijacked to imitate a voice or even mimic a video of someone having a conversation. These techniques can lead employees more quickly into the trap.
How can you avoid falling victim to this kind of scam?
To avoid falling victim to the president scam, it’s essential toestablish basic communication standards in your company. No transfer should derogate from them. Because, in the face of hacker engineering prone to playing on various emotions, it would be vital to oppose a rigidity ready for any test. The most essential points would be to avoid making unscheduled transfers, to issue transfer orders in person, and to institute a confirmation protocol.
You’ll also need to train your staff to recognize this type of attack and its techniques. Because, although it may not seem obvious, its distinctive feature is that it adapts to companies according to their realities, strengths and weaknesses. The key to the President scam is identity theft via the Internet. The hacker is not credible if he doesn’t already manage to give the impression that the e-mail comes from the real owner. That’s why effective protection tools are needed.
The most immediate option is to use a high-performance high-performance e-mail protection service to detect spam and phishing. What’s needed is an effective solution that goes beyond detection to help identify these usurpation techniques. In general, as is the case with all corporate email compromise attacks, president scams share common characteristics: behaviors, approaches, and so on.
In the same way that deep-learning can be formidable in attacks, artificial intelligence can help you guard against them. Some software programs, such as Altospam, can detect it using anomaly detection and natural language processing. This technology must be combined with others to ensure quality filtering via a mail relay. Before sending the e-mail to the recipient, the relay server checks its SMTP validity, and runs it through antivirus, antimalware, anti-spam and anti-phishing systems. This is the best way to protect your mailbox from all kinds of unsolicited messages.
Protecting yourself against president scams involves :
– Adopt a strict protocol when managing your transfer orders,
– Make your employees aware of the different aspects of FOVI,
– Powerful anti-spam software.
President scams are attacks that threaten a significant number of companies, with a rate of 59% compared to fraud attempts in general. So it’s not a threat to be taken lightly!