More and more businesses are falling victim to CEO fraud. This is a type of targeted fraud that takes advantage of human vulnerability to:
- Convince the target to make a transfer
- Access confidential information (such as banking information, employee lists, client lists or identifiers and passwords)
Find out how you can protect yourself.
What is CEO fraud?
CEO fraud is a phishing scam that plays on the feeling of privilege at having been chosen to perform a task by the CEO or another superior, whose identity has been stolen.
The scammer gains the victim’s trust and asks them to quickly perform a task, like an online funds transfer. The employee isn’t selected at random: they have the power to do what the scammer is asking.
How do scammers know who to target?
They can identify key players in an organization through social engineering. They can:
- Check the internet and social media
- Contact the person beforehand on social media
- Communicate with them and gather information to make their phishing email more believable
A well-crafted scheme is put in motion to convince the target to make a transfer or disclose confidential information without any suspicion of fraud.
Tips to protect yourself from fraud
1. Be ready
Tighten up internal processes, for example by adding authentication measures for transfers.
Be aware that scammers often encourage their targets not to follow regular procedures when making a payment.
Technological measures can also be established in advance to determine when an email address is being spoofed. Scammers often find ways to work around technology. But if an organization has the right tools, it can block the vast majority of fraudulent emails.
If an email gets through the spam filters, it's time for employees to step in. The most effective approach involves raising employee awareness about the importance of being vigilant at all times. People are your company’s best defence.
2. Be careful
The key to protecting yourself from fraud is to stop, analyze and question.
We’re often on autopilot in front of the computer, especially when completing routine and repetitive tasks.
It’s when we’re completing tasks without thinking that we are most vulnerable and most likely to make mistakes.
The very nature of the scam is to pass off a fraudulent transaction as an everyday request, which makes it especially hard to recognize.
Does the request seem unusual? Does your boss sound different from usual? If you have any doubts, don’t make a transfer or disclose any information until you’ve confirmed by speaking to your boss directly.
3. Go beyond the email, the call or the text and verify
In any case, you should never perform an action based on a single communication alone.
Tip: Use another means of communication to contact the supposed recipient. For example, use the business’s chat platform or the phone number on file.
Scammers will often leave a phone number in their messages, in case you have questions. Remember that this is the scammer’s number. Never use it for verification.
Instructions on how to proceed to make the payment may be sent in a second email, which may appear to come from a lawyer or an accountant. This is another trick from the scammer, intended to make the request seem legitimate.
What should you do if you are a victim of CEO fraud?
Once completed, a fraudulent transfer is irrevocable. In most cases, the money is lost.
But even if the transfer was completed, you must still contact your financial institution as soon as possible. It is sometimes possible to block the funds before they are delivered to the scammer. However, the chances of getting the money back are slim.
To contribute to efforts to eliminate this type of fraud, you should also file a complaint with the police. If the scammers can be identified, you will have the right to legal recourse.
Unfortunately, scammers often ask for money to be transferred internationally, to a country from which it’s very hard to get the money back.
To give yourself the best possible chance, your company should protect itself from fraud ahead of time. Prevention is still the best strategy for avoiding fraud.