
To Tell the Truth: Will the real CEO please stand up?

Don’t act on emails without knowing the truth

Arthur Gaplanyan

June 22, 2023


Do you remember the old game show “To Tell the Truth”?

It ran predominantly during the 70s, but was brought back about every 10 years for a short run. It most recently aired on ABC from 2016-2022. We don’t need to reveal ages by talking about which iteration we each remember. >wink wink<

The premise of the show was always the same: a panel of celebrities was confronted with a team of challengers all claiming to be the person in question. The celebrities had to correctly identify the real person and eliminate the imposters.

At the end of the round, the host would ask, “Will the real [person] please stand up?” and the big reveal came to see who was fooled and who wasn’t.

The same thing is happening now, only you’re the one needing to figure out who is real and the results are no game.

The threat is called Business Email Compromise (BEC) and is a top threat to businesses of all sizes.

In a BEC attack, a criminal gains access to your business email and uses it to impersonate the company. They may use it to trick your employees, partners, or customers into sending them money or information. This is typically done by pretending to be someone in a senior position, such as the CEO.

The criminal uses a mix of impersonation, social engineering, and a sense of urgency to get people to take action. What action? Anything from making wire transfers and paying fake invoices to sharing company information and even handing over account credentials.

This isn’t something that only happens in big companies; small and mid-sized businesses are just as vulnerable, if not more so. These attacks keep increasing every year, have cost over $26 billion in the last few years, are getting harder to detect, and have started getting more destructive.

How to protect your business from BEC attacks

We’ve done a full write-up on how to keep your business safe from BEC attacks.

Go read that when you have a chance, but in a nutshell you want to:

  • Educate your employees so they are aware of the threat.
  • Use advanced email security solutions to protect your business.
  • Set up internal verification procedures for payments.
  • Monitor your email traffic for anomalies.

The main focus here is that you want to always stop and think about the emails you receive before you take any action. Does the request sound reasonable? Does it break any normal practices? Is it really so urgent that it needs to be done right now? Those could be key indicators of a BEC attack with an imposter criminal on the other end.
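
The questions above can also be asked by a first-pass mail filter. The sketch below is an added example, not part of the original article; the company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: your own mail domain and the names of people worth impersonating.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
URGENCY = ("urgent", "right now", "immediately", "asap", "today")
REQUESTS = ("wire transfer", "invoice", "payment", "credentials", "password")

def bec_indicators(raw: str) -> list[str]:
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = reply_to.rpartition("@")[2].lower()
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()

    found = []
    # A senior person's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        found.append("executive name from outside domain")
    # Replies silently routed to a different domain than the sender's.
    if reply_to and reply_domain != from_domain:
        found.append("reply-to differs from sender domain")
    if any(word in text for word in URGENCY):
        found.append("urgency")
    if any(word in text for word in REQUESTS):
        found.append("payment or credential request")
    return found

# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jane.doe@freemail.test
To: accounts@example.com
Subject: Urgent wire transfer

Please send the wire transfer today. It is urgent.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 planning

Agenda for Thursday is attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A message that trips several indicators at once is a candidate for the internal verification procedure before anyone acts on it; a single keyword hit on its own is not proof of fraud.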

Of course, you should keep on top of standard security practices like keeping your software up to date and using MFA on every account.

If you have any questions regarding BEC attacks or about your security measures, reach out for a free consultation. It’s better to act now to secure your business than wait until an attack occurs.