Beware the CEO Fraud

A recent attack on the video-messaging service Snapchat brings to light a new danger that healthcare providers should be aware of. Snapchat, which now boasts 8 billion video views each day, was the victim of a phishing attack called the CEO Fraud. In a CEO Fraud attack, hackers impersonate a company’s CEO in an email which is then sent to targeted employees. The email is set up to spoof the company CEO’s account, and will tend to look genuine to employees. In the Snapchat case, an email requesting the payroll information on some of Snapchat’s employees was sent to the company’s payroll department. Purportedly from Snapchat CEO Evan Spiegel, the email was answered and some employee information was disclosed to the attackers before employees realized it was a scam. Snapchat issued a statement and an apology to employees.

Snapchat is not the only company to fall victim to such scams. On March 1, the Internal Revenue Service issued an alert to payroll and HR professionals on the increasing problem of phishing attacks targeting employee information and payroll data. These attacks can be difficult to recognize and combat, so it is important to make sure employees are aware of the possibility. It is not enough to rely on technology, as anti-virus software and other traditional defenses will not stop these types of attacks. Instead, employees should be on the lookout for odd or out-of-the-ordinary requests, as well as emails with strange links and attachments. If the email seems suspicious, check with the sender to make sure it is genuine before replying.