We recently had a client that nearly became a victim of an email phishing attack known as CEO Fraud. CEO Fraud is a scam in which cyber criminals spoof company email accounts and impersonate executives to try and fool an employee such as a Controller or CFO into executing unauthorized wire transfers. In this case, the CFO was the phishing target. The only reason he didn’t fall for the scam is that the tone of the email didn’t match the CEO’s normal tone; otherwise, he might have sent the wire transfer and the scam would have been successful.
This is one of our SPOT Managed IT Services clients, but it made me realize that we weren’t doing enough to ensure that the client’s IT security risks were minimized. We had briefly discussed our new SPOT Shield Managed IT Security Services offering at our previous Quarterly Business Review, but I did not push very hard to implement it. After this phishing attack near miss, I highly recommended that we get SPOT Shield in place ASAP, and get all of their employees to go through the include end user IT security training curriculum, and to schedule on-going phishing tests for end users. In addition, we were able to put in place $100K of financial protection and breach response services. The CEO and CFO now have the comfort of knowing that these IT security risks are being addressed, and can focus on other business matters at hand.