Carmen Leung

Carmen is Source Online's Director of Client Services, and holds a Bachelor of Business Administration with a major in Accounting, diplomas in Finance and Accounting, and a certificate in Business Administration.

Executive Phishing: What Expert Online Bookkeepers Want You to Know

Defrauding small business owners through email scams is big business for cybercriminals. Phishing tactics targeting company leaders and executives are on the rise and costing small business owners in Canada millions of dollars. 

Unfortunately, criminals’ executive phishing strategies are increasingly sophisticated and often go undetected. For instance, seven Calgary businesses recently reported losing a combined total of $1.7 million through illegal phishing scams. 

Even more frightening is that almost half of all international ransomware attacks in 2021 were the result of targeted phishing campaigns.

As bookkeepers specializing in online bookkeeping processes, we want to help small business owners in Canada be aware of the risks posed by executive phishing and understand how to protect themselves from these scams. 

This article explains what an executive phishing scam is, offers tips on how to avoid falling victim to one, and covers what to do in the event of an executive email breach.

What is Executive Phishing?

Executive phishing is a type of cybercrime that involves criminals sending emails, typically to executives or small business owners, to obtain sensitive data, access accounts, or commit fraud. 

Other names used to describe executive phishing fraud tactics include:

  • Spear phishing
  • Whaling attack

These emails are crafted with malicious intent and may appear to be legitimate communications from trusted institutions or organizations. They contain links to malicious websites or attachments that carry malicious software or ransomware.

Is Executive Phishing Different Than Phishing?

Yes, executive phishing is different from regular phishing because it specifically targets people in positions of authority, like small business owners and C-suite executives. 

Common Tactics Used in Executive Phishing Scams

Criminals often use carefully gathered information and images when crafting executive phishing emails, so that the messages look as legitimate as possible. Examples of these tactics include:

• Mimicking a trusted institution or organization’s email address

• Using the same language and tone used by the trusted institution or organization in emails

• Implying that the recipient is in some sort of trouble if they do not comply

• Offering incentives to entice recipients into clicking malicious links or opening attachments

Phishing Scams Targeting Canadian Business Owners

Email scams are often tailored to specific targets based on location, business size, or industry sector. In Canada, scam emails claim to come from a government agency or financial institution.

Some of the most frequent instances include communications from people claiming to be from the Canada Revenue Agency (CRA), the RCMP, or your company’s bank.

Executive Phishing Scams in Canada

Canada’s Competition Bureau maintains a list of current and former scams used to target Canadian businesses on its website. This is an excellent resource that business owners should check frequently to stay up to date on phishing scams.

Examples of business scams in Canada include:

  • Business grants and loans scams
  • Directory scam
  • Office supply scam
  • Intellectual property renewal notice scam

How to Identify an Executive Phishing Email?

One of the most important things small business owners can do is to be vigilant when it comes to email communications. 

Email has become the top access point cyber criminals use to gain access to a business’s network, financial data, and other sensitive information. In 2021, 90% of all data breaches occurred due to phishing.

It’s essential to recognize that executive phishing emails are often expertly crafted to appear legitimate and go unnoticed until they have been opened or interacted with.

There are several warning signs small business owners should look out for when determining if an email is a phishing attempt. 

6 Identifiers of an Executive Phishing Attack

  • Email is unsolicited or is a request from an unknown sender
  • Spelling and grammar errors in the body of the email
  • Fake logos and images used to mimic a trusted organization’s branding
  • Urgent language demanding immediate response or action
  • Links to suspicious websites or URLs
  • Attachments that appear to be from a trusted institution or organization
  • Email is from someone you know but it is not from their usual email address or platform

How to Safeguard Your Business Against Malicious Email Attacks

Small business owners should take proactive steps to protect their company and staff from malicious email attacks. Establishing a clear and robust email security policy can help prevent cyber attacks.

Tips to Establish an Email Security Policy

Implementing an email security policy for your small business is a good way to help stop malicious emails from being opened. When curating your email security policy, consider including the following:

  • Establish a list of valid contacts. This will help make phishing emails more visible and easier to identify.
  • Set up email filters. These can help identify and flag suspicious emails.
  • Provide employees with security awareness training. Educating employees on how to review incoming emails securely can stop an attacker from gaining access to your company.
  • Install malware protection software. This will help protect devices from malicious code that may be hidden in emails.
  • Enforce strict password policies. This will ensure staff use strong passwords for each account that can’t be easily hacked by cybercriminals.
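To show how a valid-contacts list and an email filter can check for several of the warning signs listed earlier (unknown sender, a familiar name on an unfamiliar address, urgent language, a link whose visible text differs from its target), here is an added example that is not part of the original article. The contact list, the keyword pattern, the flag names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical valid-contacts list: display name -> usual address.
VALID_CONTACTS = {"Dana Okafor": "dana.okafor@example.com"}
URGENT = re.compile(r"\b(urgent|immediately|right away|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)

# Constructed sample message (reserved .test/.example domains).
SAMPLE = """\
From: Dana Okafor <dana.okafor@examp1e-mail.test>
To: accounts@example.com
Subject: Urgent wire transfer needed
Content-Type: text/html; charset="utf-8"

<p>Please pay this invoice immediately:
<a href="http://pay.invoices.test/login">https://bank.example/invoice</a></p>
"""

def link_mismatch(href, label):
    """True when the visible link text names a host the href does not go to."""
    shown = HOST.search(label)
    host = (urlparse(href).hostname or "").lower()
    if not shown or not host:
        return False
    want = shown.group(0).lower()
    return host != want and not host.endswith("." + want)

def flag_message(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    flags = []
    if addr.lower() not in {a.lower() for a in VALID_CONTACTS.values()}:
        flags.append("sender-not-in-valid-contacts")
        if name in VALID_CONTACTS:  # familiar name, unfamiliar address
            flags.append("known-name-unusual-address")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if URGENT.search(f"{msg.get('Subject', '')} {text}"):
        flags.append("urgent-language")
    if any(link_mismatch(h, l) for h, l in LINK.findall(text)):
        flags.append("link-text-differs-from-target")
    return flags

if __name__ == "__main__":
    print(flag_message(SAMPLE))
```

A filter like this only flags messages for a person to review; payment or account-change requests should still be confirmed with the sender through a separate, known channel.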

What to Do if Your Company has been Targeted by an Executive Phishing Attack

If you believe a phishing scam has targeted your small business, the first step is to immediately stop all activity and contact the Canadian Anti-Fraud Centre (CAFC). The CAFC will provide you with advice on how to proceed and connect you with the right people within your organization who can help investigate and address the attack.

You should also contact your local police department for any necessary legal assistance as well as notify your bookkeeping team and other stakeholders.

A Final Word On Cybersecurity From Source Online Bookkeeping

Executive phishing is a serious threat to small businesses in Canada and can have devastating consequences. By understanding the tactics used by attackers, small business owners can better protect their companies and staff from malicious email attacks. Small businesses can minimize the risk of becoming a victim of phishing by creating an effective email security policy, implementing malware protection software, and training employees on how to spot suspicious emails. 

Finally, small business owners should ensure they have the necessary measures to detect and address any malicious attack quickly and effectively. With these steps in place, small businesses can mitigate their exposure to executive phishing attacks and protect their vital information from falling into the wrong hands.
