CEO Impersonations on the Rise


The latest cybersecurity threat plaguing businesses has emerged, with Trellix’s latest Threat Report revealing 78% of business email compromise (BEC) involved fake CEO emails.

The fake emails used common CEO phrases to lure readers, resulting in a 64% increase in attacks over the last three months.

Top CEO phrases used in BEC attacks in Q4 2022:

  • “I need you to carry out a task for me immediately.”
  • “I need you to get a task done so kindly forward me your cell phone number.”
  • “Send me your phone number, You need to get something done for me right now.”
  • “Please send me your cell number and keep an eye out for my text. I need a task completed.”
  • “Please review and confirm your cellphone number and keep a lookout to my text for instructions.”
  • “Did you receive my previous email? I have a Profitable deal for you.”

What is most concerning is that 82% of these attacks are sent using free email services, meaning that threat actors require no special infrastructure to execute their campaigns.

This makes it easier for cyber criminals to carry out attacks and makes it harder for organisations to defend themselves, putting Australian businesses at significant risk of vulnerability.

The findings come from a large report released by Trellix that examines the threat landscape and cybersecurity trends from Q4 2022, found attached.

You can read the full report here.