May 19

Protect your Business from CEO Fraud

CEO Fraud is the root of some of the biggest cyber scams affecting both large and smaller organisations. In the UK, £14.8m was lost to this type of fraud in 2018 (Source: UK Finance).

What is CEO Fraud?

CEO Fraud is essentially a criminal impersonating a senior figure in an organisation, such as a Managing Director or CEO, online. The fraudster will use a variety of sources to harvest information on the whereabouts and personal details of the individual, including press releases, social media accounts and online news sites. They will then use this information to send a detailed, urgent request for payment to the company’s accounts team. Often they will wait until the individual is away on holiday so the receiver is unable to query it. The email is usually so rich in the detail the fraudster has harvested that the receiver is easily fooled. They can also hack into the MD or CEO’s email account so that the From address used is legitimate. With the right information at their disposal, a fraudster can easily create a believable reason for the request and make it look convincing.

How to spot a fraudulent email attempt?

As mentioned above, the fraudster can make the From address appear to be legitimate, so what red flags can you watch for?

· Any urgent, same day requests for financial information or payment

· Unexpected or irregular payment requests

· Emails received at unusual times outside normal working hours

· Different style of language used

What to do if you are suspicious

Always check with the person the request appears to come from, in person and not by email, as their account may have been hacked. If they are not available, check with another manager. If you are in any doubt whatsoever, do not make the payment. There is nothing to be afraid of in being overcautious – your company will thank you for it. Also make sure to alert your IT team. They can look for other similar attempts within the organisation and also review their current IT security for any vulnerabilities.

Criminals are always finding new ways of fooling people. In the current climate, many criminals are using the fear around the coronavirus to make these kinds of impersonation attempts. For example, a criminal could hack into a CEO account and send an email to the accounts team saying they have ordered facemasks for all employees and that the company requires urgent payment as stocks are low and demand is high. It is now more imperative than ever that employees, many of whom are now working remotely and may not have the same level of IT security, are on the lookout for suspicious activity.