What is the CEO scam and how hard is it to identify? lifewire.com what is whaling?
The CEO scam works by the scammer sending an email that looks like it comes from the CEO or a high ranking office in a company.
In the case for my client it was an email that looked like it came from the CEO and was sent to the CFO.
The name and the signature were both identical to an actual email therefor making it hard to identify the email was a scam.
The CFO replied to the email and then realised that the email was a scam however the scammer had now been notified that the email address was valid and they stepped up their game from here on in.
The next email from the scammer again looked like it was from the CEO however this time it was asking a simple question.
“Are you in the Office?”
The question was simple however it’s real purpose was to identify active email addresses with in the organisation.
Everyone who responded to the email then received a followup email asking them to purchase iTunes gift cards for the CEO.
Blocking or filtering these emails is very difficult as the email doesn’t contain anything malicious in regards to links or attachments and relies on social engineering to achieve it’s aims.
How to use Office 365 Exchange Rules to filter these emails.
Log into your Office 365 portal as administrator.
Click on the ADMIN option.
Open the Exchange Admin website.
In the Dashboard select Rules in the Mail Flow options.
Create a NEW rule.
I called it the CEO External email rule.
Apply this rule IF…
The Sender is from an Outside organisation
AND
The Message Header contains ‘From’ header includes ‘CEO NAME HERE’ (Obviously put in your CEO’s FIRST name only.)
Do the Following…
Prepend the Subject with… ‘[POSSIBLE SPAM] ‘
Except if…
Add any exceptions for the CEO’s home email address etc.
Now any email sent from an external source with the CEO’s name will be flagged so that the recipient knows it might not be from the actual CEO.