A new more advanced CEO fraud is now a problem. Key employees in high-tech Norwegian companies have activated automatic forwarding of their e-mail. The e-mails are forwarded to e-mail accounts that are unknown to the businesses. In some cases, this has occurred for up to seven months. The majority of companies use Microsoft Office 365 and the forwarding rule has been set up for an “Inbox Rule” in the email accounts.
The fraudsters use the email accounts to send emails as either:
- Real invoices with changed account number.
- A message to end the account number on a previously received invoice.
- False invoices.
The attacker uses the victim’s real email account. As the fraudsters do not fake the sender, this indicates that the account is compromised. In total, this means that fraud appears to be MORE professional than ‘ordinary’ CEO fraud.