There has been a significant increase in a specific type of fraud used to embezzle money from companies of all sizes. It’s a cruel technique that hackers have been using to shake down SMBs for years. It’s called CEO fraud and it costs businesses millions every year.
How Fraudsters are Extorting Funds via Email
A member of an organization’s finance team will be sitting at their desk when they receive an (apparently) personal email from the managing director or CEO of their company.
The email will specify that funds must be released to finalize a huge international takeover or some other major deal. It will be addressed to the employee directly, asking them to carry out a sensitive business transaction, possibly referencing FCA regulations and the need for complete discretion.
Phone Calls may also be Used to add “legitimacy”
In some cases, the email will mention that a representative of an intermediary body will be getting in contact by phone with details of the transfer. Once the employee replies to the email, the fraudster calls the individual, posing as the person mentioned in the email who supposedly works for a professional services firm.
The employee feels flattered that they have been trusted by the CEO and carries out the transaction swiftly to impress their boss.
At some point in the near future, the large and unrecognized transaction will be scrutinized. It turns out there was no big deal, and the firm realizes it has lost a large amount of money.
Examples to be wary of
The fraudsters may carry out the crime using an email that poses as the CEO. In this case, the sender name will be that of the CEO, but the email will usually come from an unfamiliar address, or from a Yahoo or Gmail account (so they can receive the replies).
In an increasingly technological age, we can’t forget about old-fashioned fraud
Awareness of cyber crime is at an all-time high. Therefore, the potential exists for us to forget about traditional methods of fraud. While this method uses technology (email, phone), there is no hacking going on, and the criminals are not doing anything technical to extract funds – only tricking people.
Vast amounts of data exist online for anyone to view
Don’t assume legitimacy if someone calls or emails you directly, using your first name and appearing to know about you. Anyone can find out company details such as employee names, the departments they work in, managing directors’ names (even email addresses) and financial information that helps them request a realistic sum of money.
It is also possible to appear as anyone you want online, even over email. You don’t need to have access to an email account to appear to send from it. Many email programs allow you to customize the sender name, and also the reply-to address. This form of attack is known as “email spoofing”.
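The two signs described above (a CEO's name on an outside address, and a reply-to address that differs from the sender) can be checked automatically on incoming mail. The following is an added example, not part of the original article; the company domain, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumption: your own mail domain
EXECUTIVES = {"jane doe", "john smith"}   # assumption: names likely to be impersonated


def domain_of(address):
    """Return the lowercased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def ceo_fraud_flags(raw_message):
    """Return warning strings for one raw email message (headers + body)."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    name = " ".join(from_name.lower().split())  # normalize case and spacing
    from_domain = domain_of(from_addr)
    flags = []
    # Sign 1: the display name is an executive, but the address is not ours.
    if name in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        flags.append("executive display name on external address")
    # Sign 2: replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("Reply-To domain differs from From domain")
    return flags


# Constructed sample messages (not real traffic).
SAMPLES = {
    "genuine": "From: Jane Doe <jane.doe@example.com>\n"
               "Subject: Board pack\n\nSee attached.",
    "freemail": 'From: "Jane  Doe" <jd.office@freemail.example>\n'
                "Subject: Urgent transfer\n\nPlease keep this confidential.",
    "reply_to": "From: Jane Doe <jane.doe@example.com>\n"
                "Reply-To: jane.doe@mail-example.net\n"
                "Subject: Urgent transfer\n\nReply only to this email.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, ceo_fraud_flags(raw))
```

A message that raises either flag is a candidate for a warning banner or manual review before anyone acts on a payment request in it.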
People are the weakest link when it comes to the security of your network
Fraudsters are able to get the information they need to infiltrate a company by scouring the company website, organization charts and social media accounts. Using this information, they can correctly identify and target the relevant person who is authorized to transfer large sums of money by impersonating the CEO with a fake email address. If they can manipulate this person, no amount of security hardware or software will keep business funds safe.
How to prevent this from happening to you
- Make people in your company aware of this problem.
- CEOs/Managing directors: Speak to people who have access to company funds directly and assure them that you, and other members of management, will never use email to request a funds transfer.
- Set an amount that cannot be exceeded for one-off transfers without going through a proper procedure.
How We Can Help
CEO Impersonation is a very persistent form of fraud that is constantly evolving. It’s not just at work that you’re at risk. Get in touch with us to learn more about Security Awareness Training and how it could help your business.
Adaptive Information Systems was founded with the mission to help businesses get the most out of their technology investments. We are a Salinas IT services provider, ready to manage your IT needs so you can focus on running your business.