Valimail blog

CEO to CFO phishing scams are on the rise. Here’s one we caught in the act.

Author: Valimail
[Photo: a hand holding a fish. Caption: Don’t get caught like this fish. Photo: Lunar Wrasse via photopin.]

There has been a lot of coverage in the media recently about spear phishing and the ‘CEO to CFO’ scam (a form of business email compromise, or BEC), and for good reason. Phishing attacks have been distressingly common for some time, and they appear to be getting worse. For a sampler, just check out security expert Brian Krebs’ many stories of executives being duped by fake emails.

These attacks rely on the scammer putting your exact domain in the From: header, so the message looks like it originated from inside your company. They can often get away with this because SMTP itself never verifies the From: address, and many receiving mail systems don’t check whether the sending server is actually authorized to use that domain.

DMARC at an enforcement policy (p=quarantine or p=reject) stops this cold: a receiver that checks DMARC will quarantine or reject any message whose From: domain fails both SPF and DKIM alignment. Note that this covers your exact domain; lookalike domains and display-name tricks need other controls.

Just recently Valimail saw an example of a spear phishing email sent to one of our customers. The CFO found it in her spam folder. As you can see below, the language is a bit stilted, so she probably could have identified it as a suspicious message had she been reading carefully. But it is easy to be fooled in the rush of daily activities. And anyway, do you want your CFO worrying about the authenticity of every email? Or do you want her focusing on the company’s finances?

Ditto for people in HR: the IRS recently warned payroll and HR departments to be alert for W-2 scams, in which a message that appears to come from the CEO requests employees’ W-2 tax forms, which the attackers then use in a variety of ways, such as filing fraudulent tax returns. But why should HR staff be spending their time trying to establish the authenticity of the emails they receive?

For our customer, there was never any real risk of being fooled: the domain’s DMARC policy at the time (p=quarantine) caused the receiving server to put the message in the spam folder. But the fact that the CFO could see it at all (by looking through her spam folder) was enough to make the security team move to p=reject, which tells receivers to refuse messages that fail authentication like this one before delivery, rather than quarantining them. (Note: for more on DMARC configuration and p=reject, see our DMARC FAQ.) At any receiver that enforces DMARC, there is now no chance at all that this company will be caught out by attackers spoofing its exact domain.
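What a receiving server actually does with a message like the one forwarded below, as an added example for the exact-domain spoofing and the p=quarantine / p=reject steps described above (this is illustrative code written for this page, not Valimail’s software or the customer’s mail system). It implements the DMARC check simplified from RFC 7489: a message passes only if SPF or DKIM passes and the authenticated domain aligns with the From: domain; otherwise the published policy decides. The sample Authentication-Results headers, the DMARC records, the attacker.example / vendor.example hostnames and the two-label organizational-domain rule are all assumptions for the demo. It also covers one case the post does not show: a legitimate third-party sender that is not aligned, which is what you must find in your aggregate reports before moving to p=reject.

```python
"""Added example (not Valimail's code): how a DMARC-checking receiver
decides what to do with a message.

Simplified RFC 7489 logic: DMARC passes if SPF *or* DKIM passes AND the
authenticated domain aligns with the RFC5322.From domain; otherwise the
domain owner's published policy (p=none / quarantine / reject) applies.
Assumptions: organizational domain = last two labels (real receivers use
the Public Suffix List); the pct= and sp= tags are ignored.
"""
import re
from email.utils import parseaddr


def parse_dmarc_record(txt):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"invalid DMARC record: {txt!r}")
    tags.setdefault("aspf", "r")   # relaxed alignment is the RFC default
    tags.setdefault("adkim", "r")
    return tags


def parse_auth_results(header):
    """Parse a simplified Authentication-Results header (RFC 8601) into
    {'spf': (result, mailfrom_domain), 'dkim': (result, d_domain)}."""
    results = {}
    for clause in header.split(";")[1:]:          # [0] is the authserv-id
        m = re.match(r"\s*(spf|dkim)=(\w+)(.*)", clause)
        if not m:
            continue
        method, result, props = m.groups()
        pattern = r"smtp\.mailfrom=(\S+)" if method == "spf" else r"header\.d=(\S+)"
        dm = re.search(pattern, props)
        domain = dm.group(1).rsplit("@", 1)[-1] if dm else None   # drop any localpart
        results[method] = (result, domain)
    return results


def org_domain(domain):
    """Assumption for the demo: the organizational domain is the last two labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any subdomain of the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_header, auth_results_header, dmarc_record):
    """Return (dmarc_result, action) for one message."""
    tags = parse_dmarc_record(dmarc_record)
    from_domain = parseaddr(from_header)[1].rsplit("@", 1)[-1]
    ar = parse_auth_results(auth_results_header)
    spf_result, spf_domain = ar.get("spf", ("none", None))
    dkim_result, dkim_domain = ar.get("dkim", ("none", None))
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags["p"]]
    return ("fail", action)


# Constructed sample inputs (not taken from the page), as seen by company.com's
# receiving server. Hostnames under .example are placeholders.
SPOOF_FROM = "John Smith <ceo@company.com>"
SPOOF_AUTH = "mx.company.com; spf=fail smtp.mailfrom=bounce@mail.attacker.example; dkim=none"
# Legitimate mail from the company's own provider, DKIM-signed with d=company.com.
LEGIT_AUTH = "mx.company.com; spf=pass smtp.mailfrom=ceo@company.com; dkim=pass header.d=company.com"
# Legitimate mail bouncing via a subdomain: passes relaxed alignment, fails strict.
SUBDOMAIN_AUTH = "mx.company.com; spf=pass smtp.mailfrom=x@mail.company.com; dkim=none"
# A real third-party sender that authenticates as itself, not as company.com.
VENDOR_FROM = "Marketing <news@company.com>"
VENDOR_AUTH = ("mx.company.com; spf=pass smtp.mailfrom=b@bounce.vendor.example; "
               "dkim=pass header.d=vendor.example")

MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@company.com"
QUARANTINE = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@company.com"
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@company.com"
STRICT_REJECT = "v=DMARC1; p=reject; aspf=s; adkim=s"

if __name__ == "__main__":
    cases = [
        ("spoof, p=none", SPOOF_FROM, SPOOF_AUTH, MONITOR),
        ("spoof, p=quarantine", SPOOF_FROM, SPOOF_AUTH, QUARANTINE),
        ("spoof, p=reject", SPOOF_FROM, SPOOF_AUTH, REJECT),
        ("legit, p=reject", SPOOF_FROM, LEGIT_AUTH, REJECT),
        ("subdomain, relaxed", SPOOF_FROM, SUBDOMAIN_AUTH, REJECT),
        ("subdomain, strict", SPOOF_FROM, SUBDOMAIN_AUTH, STRICT_REJECT),
        ("unaligned vendor, p=reject", VENDOR_FROM, VENDOR_AUTH, REJECT),
    ]
    for label, frm, auth, rec in cases:
        print(f"{label:28s} -> {dmarc_disposition(frm, auth, rec)}")
```

Run as a script to print one line per case. The three spoof rows reproduce the story in this post: at p=none the forgery is delivered and only reported, at p=quarantine it lands in the spam folder, and at p=reject the receiver refuses it outright. The unaligned-vendor row is why you monitor at p=none before enforcing: at p=reject that sender’s legitimate mail is rejected too, until it DKIM-signs with your domain or uses an aligned bounce domain.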

Happy Authenticating!

— — — — — Forwarded message — — — — —
From: John Smith <ceo@company.com>
To: <cfo@company.com>
Cc:
Date: Wed, 2 Mar 2016 08:25:03 -0800
Subject: Att: John
John

Kindly confirm how soon you can initiate an urgent bank transfer today, let me know when you can so that i can send the beneficiary’s details.
Regards,
—

Jane Doe

— — — — — Forwarded message — — — — —
From: John Smith <ceo@company.com>
To: <cfo@company.com>
Cc:
Date: Wed, 2 Mar 2016 08:12:37 -0800
Subject: Att: John

John

Confirm the receipt of this message if you are on seat , i want you to
process a payment before cut off time today.

Regards,
—
Jane Doe

Published March 18, 2016
  • Cybersecurity
  • Email
  • Phishing