Executive impersonation: A growing threat

Explore the issues related to the growing threat of executive impersonation and how these schemes that prey on human fallibility can be mitigated.

The American Institute of CPAs (AICPA) issued a report on the growing threat of executive impersonation, in which criminals claiming to be corporate executives convince employees to send them sensitive documents and company information. Sophisticated hackers usually research their target and the company as a whole in order to craft highly convincing emails. Using information gleaned from mining corporate websites and social networks, the impersonations used in the emails can be accurate and convincing.

Key characteristics of the scheme:

  • Email requests appear to come from a senior (C-suite) executive or a key vendor or supplier.
  • The email address is substantially similar to the purported sender’s address, with very minor, subtle differences.
  • Requests occur when the executive is travelling and cannot be contacted.
  • There is an element of urgency or secrecy regarding the disbursement.
  • The amount is within the normal range of transactions so as not to arouse suspicion.
  • Other employees are referred to or copied in the email; however, their email addresses are slightly modified.
  • Requested payments are payable to a foreign bank.

More robust controls, including two-step authentication of transactions, enhanced employee awareness training, informed verification of transfer requests and evolving IT controls can detect these attempts before they result in losses.

Highlights

Our Firm Directory allows you to search for Canadian CPA firms using our interactive map as well as other criteria.

Jointly presented by CPA Canada and CPA Ontario, The ONE is the must-attend, multi-track event of the year, designed for all CPAs who want to be at the top of their game.