Prevent CEO Fraud by watching for these email Red Flags

Prevent CEO Fraud by watching for these email Red Flags

CEO Fraud, also called Business Email Compromise, is the next cybercrime wave. The FBI recently warned that this has cost small and medium enterprise 1.2 billion dollars in damages between October 2013 and August 2015. Employees, especially CEOs and CFOs, have to be aware of the various techniques the scammers are using to trick them into wiring out large amounts of money.

Small and medium enterprises are not FDIC-insured like consumers, and your cyber security insurance (if you even have it) may not cover this specific type of fraud because no IT infrastructure was compromised.

What can you do about it:

  1. Alert your execs. These scams are getting more sophisticated by the month and be on the lookout
  2. Review your Wire Transfer security policies and procedures
  3. Share and review the Social Engineering Red Flags (below) with your C-level execs
  4. Train your employees to recognize these type of social engineering attacks
  5. Read the IC3 Alert in full, and apply their Suggestions for Protection. You can find it here.

(The key one is #4: all your employees need to be stepped through effective security awareness training to prevent social engineering attacks like this from getting through.  Find out how affordable this is for your organization today and be pleasantly surprised, call us today for a quote, 847-551-4626)

Social Engineering Red Flags to watch for:

Email Example for Social Engineering Red Flags


  • I don't recognize the sender's email address as someone I ordinarily communicate with.
  • This email is from someone outside my organization and it’s not related to my job responsibilities.
  • This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
  • Is the sender's email address from a suspicious domain? (like
  • I don't know the sender personally and they were not vouched for by someone I trust.
  • I don't have a business relationship nor any past communications with the sender.
  • This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I hadn't communicated with recently.


  • I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to.
  • I received an email that was also sent to an unusual mix of people. For instance a seemingly random group of people at your organization whose last names start with the same letter, or a whole list of unrelated addresses.


  • Did I get an email with a subject line that is irrelevant or does not match the content?
  • Is the email message a reply to something I never sent or requested?


  • Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?


  • Is the sender asking me to click on a link or open an attachment to avoid a negative consequence, or to gain something of value?
  • Is the email out of the ordinary, or does it have bad grammar or spelling errors?
  • Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
  • Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
  • Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?


  • I hover my mouse over a hyperlink that’s displayed in the email message, but the link to address is for a different web site. (This is a big red flag.)
  • I received an email that only has long hyperlinks with no further information and the rest of the email is completely blank.
  • I received an email with a hyperlink that is a misspelling of a known web site. For instance, (the “m” is really two characters – “r & n”)


  • The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me these types of attachment(s).)
  • I see an attachment with a possibly dangerous file type. (The only file type that is always safe to click on is a .TXT ­file.)