KnowBe4, a security awareness training and simulated phishing platform provider, launched a new tool designed to help IT managers combat CEO fraud, or Business Email Compromise (BEC) as it is referred to by the FBI.
CEO fraud is considered to be one of the fastest-growing social engineering schemes being used by cybercriminals and is expected to cost the economy over $3 billion in 2016, which far outweighs the $1 billion in expected costs associated with ransomware.
KnowBe4’s tool, called Phishing Reply Tracking, tests if users will interact with hackers on the other end of a phishing email.
“CEO fraud is harder to detect than a simple phish, as the emails used in these attacks bypass antivirus because they contain no malware,” Stu Sjouwerman, KnowBe4 CEO, said in a statement.
“Email is the number one attack vector avenue of entry into the enterprise. Once inside, cybercriminals can monitor the financial connections and interactions within the company. While they study the key individuals and protocols necessary to perform wire transfers in their target, they learn how to spring a convincing attack, posing as a company executive or an accounting executive,” Sjouwerman continued.
Phishing Reply Tracking helps provide employees with the security awareness training they need to better detect the red flags that can be associated with phishing emails. The phishing tool uses simulated attacks to test users and tracks how they reply. Those replies are then recorded and made available for IT managers to download and review if needed.
Sjouwerman added: “This is an important addition to your security awareness training plan that will help you inoculate users against Business Email Compromise, or CEO fraud. What happens if your users receive an email from a cybercriminal pretending to be your CEO requesting an urgent wire transfer? Will the employee reply back to question the sender for more details or, worse, simply confirm that they completed the transfer? Most companies cannot afford to take that risk.”