CEOs, CFOs Targeted by Cyber Whaling Schemes

As a reminder, AAFCPAs warns of sophisticated cyber phishing attacks directed specifically at senior executives and other high level targets within businesses and organizations.  We have seen an uptick in the frequency of these types of attacks, called whaling schemes, where cyber criminals masquerade as a highly convincing business email which may appear to be sent from a legitimate business authority, or even from an internal colleague.  The content is tailored for upper management, generally with the goal of tricking financial staff into making fraudulent wire transfers to bank accounts controlled by thieves. These targeted attacks are known to exploit the close relationship between CEOs and CFOs.  Other Reports of Whaling Schemes include emails appearing to be a legal subpoena, or customer complaint.
The FBI calls such campaigns Business Email Compromise (BEC), and noted that as many as 7,000 US businesses have been victimized by such scams over the past two years, resulting in some $740 million in losses.
AAFCPAs encourages our clients to develop countermeasures to risks, including regular security awareness training of employees, adequate internal control processes, and regularly updated & assessed technology controls.
At the minimum, use caution when responding to emails even if they appear to originate from a trustworthy source. Question the source and the intent of such emails. Do not reply to those emails; instead pick up the phone and verify the validity of such a request with the source.
For more information about cyber security and IT risk assessment, please contact your AAF Partner, or James Jumes, leader of AAFCPAs’ integrated business & IT advisory practice at: 774.512.4062 or jjumes@nullaafcpa.com.