Fraudsters posing as CEOs are stealing millions from companies all over the world.

By Joe McDonough

Posted on October 23, 2017

Eastern European criminal syndicates are stealing millions from executives around the globe through a process known as ‘CEO whaling’.

The scheme involves learning intimate details about CEOs through social media, so that the criminals can prepare personalised emails in the CEO's name and trick close associates into transferring funds to them.

Speaking to The Daily Telegraph, the founder of leading cyber security firm MailGuard, Craig McDonald, said it is concerning how simple the fraud is to carry out.

“Some of the emails are literally ‘hope you had a great time surfing on the weekend, need to get invoice paid urgently and I’m on a plane as you know’, enough for the other to think ‘yep this is our CEO’,” he said.

“It’s not a lot of work, it’s not about building all this up over months or years, it’s fairly quick, they’ve got it down pat, scraping things off the internet.”

The highly personalised emails, which are generally sent to the accounts division or close colleagues, tend to target six-figure payouts, though the amount depends on the size of the company. The bigger the fish, the bigger the reward.

“Big whales, big fish, big catch, when it happens they make a lot of money, we’ve seen examples of that in Australia typically $100,000, $200,000 and a couple of biggies out there into the millions but people don’t talk about it and generally they are not covered off by insurance, typically because it is fraud and an internal failed process,” a cyber security spokesperson revealed.

Australian cybercrime is rising rapidly, with the total cost to the economy understood to exceed $1 billion. And CEO whaling has become such a major contributor that a confidential brief has been submitted to the Federal Government warning of its prevalence.

It’s difficult to get an accurate gauge of how much is being stolen from Australian CEOs. Cases are often swept under the rug because it is seen as an embarrassing failure of the company’s internal security procedures.

But there is no underestimating the organised crime groups both in Australia and abroad (largely in Eastern Europe according to the Australian Signals Directorate), who work with researchers to familiarise themselves with the personal lives of bosses on platforms such as LinkedIn, Facebook and Instagram, and use the dark web for extra ammo.