Cybersecurity

How to prevent yourself becoming a target of the CEO or Man In The Middle frauds

Carlos S. Ponz - Tue Feb 04 13:05:53 CET 2025

CEO fraud and Man In The Middle fraud are two of the most common phishing attacks; here is how to avoid and detect them. The most common digital frauds in companies include those related to phishing, a type of cybercrime that consists of fraudulently acquiring confidential information, such as account passwords or bank card details. Within phishing, two new types are becoming particularly popular among cybercriminals, especially during holiday seasons: the CEO scam and the Man In The Middle scam.

This article explains what they are and offers a series of tips on how to avoid them.

What is CEO fraud?

The CEO fraud is the use of an identity of someone with authority in a company, such as the chief financial officer (CFO) or chief executive officer (CEO), to try to defraud employees who have access to the company's accounts or other relevant assets. Using this fraud, the criminal tries to get money transferred or obtain confidential information from the organisation that can be used to his or her benefit.

One of the most common ways in which this CEO fraud occurs is through the registration of a company's website domain that is very similar to the real one. Then, the criminal sends an email to someone with a position of authority within the company, pretending to be someone in charge, asking them to urgently and confidentially send a certain amount of money to an account controlled by the cybercriminal.

What is the Man In The Middle fraud?

In a Man In The Middle attack, the criminal intercepts the communication between two parties connected to a network. This lets them obtain highly confidential information (such as bank details or the victim's physical address) that later makes phishing either party easier, for example so that they can ask the company's CFO to make a payment to them.

Typically, in a Man In The Middle fraud, criminals spoof the email address of one of a company's suppliers to divert payments to a fraudulent account. It can also happen the other way round: spoofing a customer's email address to divert that customer's payments to a fraudulent account.

Tips to avoid becoming a victim of a CEO or Man In The Middle phishing attack

To avoid becoming a victim of a cyberattack, the most important recommendation is to be cautious. If you have any doubts about a request informing you of a new account to which payments or direct debits should be made, the best thing to do is not to trust it. Remember that Banco Sabadell will never request confidential data from you by text message, email or phone call, nor will we ask you to transfer your funds to a "secure account".

In addition, we recommend that you follow other tips to minimise the chance of suffering any of these frauds, such as:

  • First, always check email addresses carefully, paying special attention to any difference, however small, from the sender's usual address.

  • Verify any sudden, unannounced change to the account a payment is debited from or sent to by a method other than email (such as the bank's app).

  • If you receive an email informing you that the account to which a payment should be sent has changed, you will often also receive a phone call from the impersonator to "confirm" the change. Never trust such a call; always verify the authenticity of the exchange by contacting the supplier on the telephone number originally given to you.

  • The first time you make a payment to a new supplier, always confirm that the payee details and the bank account for payment are identical to those in the previously established contract or order form, and that nothing has changed.

  • Never share your passwords or your company's passwords with anyone, so that they cannot be compromised.

  • It is crucial to inform a company's employees about the fraudulent activity they may be exposed to, especially the need for caution when they are asked to make a payment.

  • Every company should implement internal protocols for verifying payment requests received by telephone or email.
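The look-alike domain technique described under "What is CEO fraud?" and the first three tips above (check the sender's address, treat unannounced account changes with suspicion, verify out of band) can be turned into a simple mail triage check. The following is an added example written for this article, not code from Banco Sabadell; the trusted domains, sender addresses and message texts are constructed, and the confusable-character table and keyword lists are illustrative assumptions rather than a complete list.

```python
"""Triage incoming payment-related email against a list of trusted counterparties.

Added example for illustration; not part of the original article. All
domains, addresses and message texts below are constructed samples.
"""
import unicodedata

# Constructed allow-list of known counterparty domains (hypothetical names).
TRUSTED_DOMAINS = {"acme-supplies.example", "example-corp.example"}

# Substitutions an attacker may use to build a look-alike domain (assumed, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Phrases that indicate a change of payment details or pressure tactics (assumed lists).
PAYMENT_CHANGE_HINTS = ("new account", "new iban", "updated bank details", "change of account")
PRESSURE_HINTS = ("urgent", "immediately", "confidential", "do not discuss")


def normalize(domain: str) -> str:
    """Lower-case, strip accents and fold confusable characters so look-alikes collide."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (standard dynamic-programming form)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' (close to a trusted domain) or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted:
        return "trusted"
    norm = normalize(domain)
    for t in trusted:
        tn = normalize(t)
        # Same after folding, within a couple of edits, or trusted name embedded in a longer host.
        if norm == tn or levenshtein(norm, tn) <= max_distance or tn in norm:
            return "lookalike"
    return "unknown"


def triage_message(sender: str, subject: str, body: str):
    """Decide whether a message needs out-of-band verification, with the reasons why."""
    text = f"{subject} {body}".lower()
    reasons = []
    verdict = classify_sender(sender)
    if verdict != "trusted":
        reasons.append(f"sender domain is {verdict}")
    if any(h in text for h in PAYMENT_CHANGE_HINTS):
        reasons.append("mentions a change of payment account: confirm by phone on the number on file")
    if any(h in text for h in PRESSURE_HINTS):
        reasons.append("uses urgency or secrecy language")
    return ("hold for verification" if reasons else "ok"), reasons


if __name__ == "__main__":
    # Constructed samples: one genuine invoice, one look-alike CEO-style request.
    samples = [
        ("invoices@acme-supplies.example", "Invoice 123", "Attached is this month's invoice."),
        ("cfo@exarnple-corp.example", "Urgent transfer",
         "Please pay to the new IBAN below and keep this confidential."),
    ]
    for sender, subject, body in samples:
        print(sender, "->", triage_message(sender, subject, body))
```

The folding step is what catches the "rn" for "m" and accented-letter tricks that a visual check of the address easily misses; the edit-distance and substring checks catch single-character swaps and trusted names buried in a longer host name. A "hold for verification" result is not a verdict of fraud, only a signal that the payment change should be confirmed by the method the tips above describe.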

Photo by Andrea Piacquadio at Pexels