Are you in the Office?
From: Pete (CEO)
To: Brian (someone LinkedIn shows is in Finance at the CEO's company)
Are you at the office?
Sent from my mobile device
If this looks familiar to you, then you've received a phishing email of the CEO Scam variety. If you replied that you are at the office (of course you would; it's business hours and your boss is asking whether you're working), the follow-up most likely asked you to set up a wire transfer to a bank account, most often in Eastern Europe.
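As an added illustration (not from the original post and not any vendor's product code), here is a Python heuristic that scores an inbound message for the indicators this post describes: an executive's first name on an address that is not the executive's known one, a sender outside the company domain, a Reply-To that points somewhere else, the "are you at the office?" opener, the wire-transfer follow-up, and the "Sent from my mobile device" signature. The company domain, the executive roster, the weights and the three sample messages are all constructed for the demo; a real deployment would pull the roster from a directory and tune the weights against its own mail.

```python
"""Heuristic scorer for CEO-fraud ("are you at the office?") pretext emails.

Added illustration, not code from the original post. The domain, executive
roster, weights and sample messages are constructed for the demo.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: the organisation's own domain and its executives' real addresses.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pete": "pete@example.com"}  # hypothetical CEO

# Phrases typical of the opening pretext and of the follow-up request.
PRETEXT_PHRASES = ("are you at the office", "are you in the office",
                   "are you available", "are you at your desk")
REQUEST_PHRASES = ("wire transfer", "bank account", "urgent payment", "send payment")
MOBILE_SIG = re.compile(r"sent from my (?:mobile device|iphone|android)", re.I)

# Constructed weights: name spoofing and a redirected Reply-To weigh the most.
WEIGHTS = {
    "exec_name_spoof": 3,
    "external_sender": 1,
    "reply_to_mismatch": 2,
    "availability_pretext": 1,
    "payment_request": 2,
    "mobile_signature": 1,
}
ALERT_THRESHOLD = 4


def score_message(raw):
    """Return indicator flags, a weighted score and an alert verdict for one
    raw RFC 822 message (single-part text body assumed)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_to = reply_to.lower()
    body = (msg.get_payload() or "").lower()

    first_name = display.lower().split()[0] if display.strip() else ""
    flags = {
        # Display name matches an executive, but the address is not theirs.
        "exec_name_spoof": bool(first_name in EXECUTIVES
                                and addr != EXECUTIVES[first_name]),
        "external_sender": addr.partition("@")[2] != COMPANY_DOMAIN,
        # A Reply-To that differs from From steers the conversation elsewhere.
        "reply_to_mismatch": bool(reply_to) and reply_to != addr,
        "availability_pretext": any(p in body for p in PRETEXT_PHRASES),
        "payment_request": any(p in body for p in REQUEST_PHRASES),
        "mobile_signature": bool(MOBILE_SIG.search(body)),
    }
    score = sum(WEIGHTS[k] for k, hit in flags.items() if hit)
    return {"flags": flags, "score": score, "alert": score >= ALERT_THRESHOLD}


# Constructed sample messages: the opener, the follow-up, and a genuine mail.
SAMPLES = {
    "pretext": """From: Pete <pete.ceo.office@freemail.example.net>
To: Brian <brian@example.com>
Subject: Are you at the office?

Are you at the office?

Sent from my mobile device
""",
    "follow_up": """From: Pete <pete.ceo.office@freemail.example.net>
Reply-To: <pete.ceo.office@webmail.example.org>
To: Brian <brian@example.com>
Subject: Re: Are you at the office?

Good. I need you to set up a wire transfer today to the bank account
details I will send next. Keep this confidential.

Sent from my mobile device
""",
    "legit": """From: Pete <pete@example.com>
To: Brian <brian@example.com>
Subject: Lunch

Are you free for lunch on Thursday?
""",
}


def scan(samples=SAMPLES):
    """Score every sample and return the results keyed by sample name."""
    return {name: score_message(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in scan().items():
        hits = [k for k, v in result["flags"].items() if v]
        print(f"{name:10} score={result['score']} alert={result['alert']} {hits}")
```

The verdict is only a triage aid: the opener on its own carries almost no content, so the strongest signals are the executive's name sitting on an unknown address and a Reply-To that redirects the thread. Finance staff still need an out-of-band confirmation step (a phone call to a known number) before any transfer is set up.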
What was once a once-in-a-blue-moon kind of thing has seen a huge jump in reports to my company's internet abuse reporting address over the last couple of weeks.
This has prompted us to disable access to the fraudulent email account as soon as we are notified, verify that it is fraudulent, disable the email address completely, and have our customer care team contact the customer to recreate their account, so that they are completely re-secured with all new information.
These scammers have most likely compromised the CEO's social network accounts to find out whether they have posted about being on, or going on, vacation, and may even have used the same credentials (especially if they came from the LinkedIn breach) to log in to the organization's webmail and check whether an out-of-office auto-reply is set up, so that they can verify that the CEO is actually out of town.

Amusingly enough, I did see one yesterday where apparently the OOO was left on but the CEO was already back, so the CFO asked the sender whether they remembered JUST meeting with them, and to walk back down to his office to discuss the request.
They're more clever with this campaign; however, that's not really a high bar.
Oh well, back to the digital trenches.