Computer security: CEO fraud, second attempt

Members of a CERN board were recently targeted by so-called "CEO fraud", following the same format as the incident that occurred at the end of 2020. CEO fraud is a social engineering method for extracting money from an organisation; it plays on several psychological levers that stop the target from thinking consciously:

  • Fear, guilt and shame, i.e. making a threat against you or your family ("I know what you did last summer and will tell your family if you don't…"). Under that pressure, you will just comply as you fear adverse consequences if you don't.
  • Flattery, i.e. luring your ego, pride or complacency (and narcissism?) into complying.
  • Seniority and respect, i.e. you blindly obey because you are instructed by someone much more senior than you, whereas you are just a little cog in the machine.
  • Help, i.e. pretending to be in a difficult/delicate situation and requiring immediate assistance.

As in 2020, this "new" fraud played the "help" card against the Board by abusing the name of its president and spoofing his email address (see our Bulletin article on "Emails equal Letters"). It all happened on 8 December, when several people on this CERN board received the following message, purportedly from the president:


A nice intro: a colloquial tone towards the recipient, followed by the need for assistance with a difficult situation. Playing the "help" card. The "From" address was spoofed to look like the alleged sender's home institute, while the "Reply-To" address was tampered with and points elsewhere, to a Gmail address, so that any reply lands with the fraudster rather than with the president.
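The From/Reply-To trick described above is cheap to spot at the mail gateway or in a triage script. The following Python is an added example written for this article, not code from CERN or from the Bulletin; the message headers, the institute domain `example-institute.org` and the free-mail list are all constructed assumptions. It parses a raw message, compares the domain of the `From` address with that of the `Reply-To`, and raises a flag when they differ and the `Reply-To` is a free-mail account or the `From` domain failed DMARC.

```python
"""Flag messages whose Reply-To steers replies away from the apparent sender.

Added example, not part of the original CERN bulletin. The sender, domains
and message text below are constructed for illustration only.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Free-mail providers commonly used for the Reply-To in CEO fraud.
# Assumption: extend this set to suit your own environment.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}


def _domain(header_value):
    """Return the lower-cased domain of the first address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def analyse(raw_bytes):
    """Parse a raw RFC 5322 message and return a dict of findings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    from_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"])

    findings = {
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        # A Reply-To pointing to a different domain than From is the tell.
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        "reply_to_freemail": reply_domain in FREEMAIL_DOMAINS,
    }

    # Authentication-Results (added by the receiving MTA, if configured) says
    # whether the claimed From domain was actually verified by DMARC.
    auth = (msg["Authentication-Results"] or "").lower()
    findings["dmarc_pass"] = "dmarc=pass" in auth

    # Mismatch alone is noisy (mailing lists, ticket systems); gate on a
    # free-mail Reply-To or on a From domain that failed authentication.
    findings["suspicious"] = findings["reply_to_mismatch"] and (
        findings["reply_to_freemail"] or not findings["dmarc_pass"]
    )
    return findings


# Constructed sample resembling the pattern described in the article:
# From spoofed to the president's home institute, Reply-To pointing to Gmail.
FRAUD_SAMPLE = b"""\
From: "Board President" <president@example-institute.org>
Reply-To: "Board President" <board.president.urgent@gmail.com>
To: member@cern.ch
Subject: Are you available?
Authentication-Results: mx.example; spf=fail smtp.mailfrom=example-institute.org; dmarc=fail

Hi, are you free at the moment? I need a favour handled discreetly.
"""

# Constructed benign sample: Reply-To stays in the sender's domain and DMARC passes.
BENIGN_SAMPLE = b"""\
From: "Board President" <president@example-institute.org>
Reply-To: "Board Office" <office@example-institute.org>
To: member@cern.ch
Subject: Agenda for next meeting
Authentication-Results: mx.example; spf=pass smtp.mailfrom=example-institute.org; dmarc=pass

Please find the draft agenda attached.
"""

if __name__ == "__main__":
    for label, sample in (("fraud", FRAUD_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, analyse(sample))
```

In practice the `suspicious` flag would drive a gateway warning banner or an alert rather than an outright block: a Reply-To that differs from From is legitimate often enough that the free-mail and DMARC conditions are what keep the false-positive rate tolerable.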

Public release republished by Mirage.News; the material from the originating organisation may be point-in-time and edited for clarity, style and length, and the views expressed are solely those of the author(s).