Are you familiar with CEO fraud?

18 July 2022 by National Bank
CEO Fraud

Imagine you’re at work. Your boss contacts you. He’s on a business trip abroad. He has just acquired a company and asks you to send him an emergency bank transfer He adds that he trusts your discretion about the matter completely. It’s flattering, but watch out. You could be in the sights of a scammer.

More and more businesses are falling victim to CEO fraud. This is a type of targeted fraud that takes advantage of human vulnerability to:

  • Convince the target to make a transfer
  • Access confidential information (such as banking information, employee lists, client lists or identifiers and passwords)

Find out how you can protect yourself.

What is CEO fraud?

CEO fraud is a phishing scam that plays on the feeling of privilege to have been chosen to perform a task by the CEO or another line superior, whose identity has been stolen.

The scammer gains the victim’s trust and asks them to quickly perform a task, like an online funds transfer. The employee isn’t randomly selected. They have the power to do what the scammer is asking.

How do scammers know who to target?

They can identify key players in an organization through social engineering. They can:

  • Check the internet and social media
  • Contact the person beforehand on social media
  • Communicate with them and gather information to make their phishing email more believable

A well-crafted scheme is put in motion to convince the target to make a transfer or disclose confidential information without any suspicion of fraud.

Tips to protect yourself from fraud

Regular virtual conversations and sensitive data that may circulate online are making companies increasingly vulnerable. To prevent this type of phishing , you must be vigilant and aware. Here’s how.

1. Be ready

Tighten up internal processes by adding authentication measures for transfers, for example.

Be aware that scammers often encourage their targets not to follow regular procedures when making a payment.

Technological measures can also be established in advance to determine when an email address is being spoofed. Scammers often find ways to work around technology. But if an organization has the right tools, it can block the vast majority of fraudulent emails.

If an email gets through the spam filters, it's time for employees to step in. The most effective approach involves raising employee awareness about the importance of being vigilant at all times. People are your company’s best defence.

2. Be careful

The key to protecting yourself from fraud is to stop, analyze and question.

We’re often on autopilot in front of the computer, especially when completing routine and repetitive tasks.

It’s when we’re completing tasks without thinking that we are most vulnerable and most likely to make mistakes.

The very nature of the scam is to pass off a fraudulent transaction as an everyday request, which makes it especially hard to recognize.

Does the request seem unusual? Does your boss sound different from usual? If you have any doubts, don’t make a transfer or disclose any information until you’ve confirmed by speaking to your boss directly.

3. Go beyond the email, the call or the text and verify

In any case, you should never perform an action based only on one communication.

Tip: Use another means of communication to contact the supposed recipient. For example, use the business’s chat platform or the phone number on file.

Scammers will often leave a phone number in their messages, in case you have questions. Remember that this is the scammer’s number. Never use it for verification

Instructions on how to proceed to make the payment may be sent in a second email, which may appear to come from a lawyer or an accountant. This is another trick from the scammer, intended to make the request seem legitimate.

What should you do if you are a victim of CEO fraud?

Once completed, a fraudulent transfer is irrevocable. In most cases, the money is lost.

But even if the transfer was completed, you must still contact your financial institution as soon as possible. It is sometimes possible to block the funds before they are delivered to the scammer. However, the chances of getting the money back are slim.

To contribute to efforts to eliminate this type of fraud, you should also file a complaint with the police. If the scammers can be identified, you will have the right to legal recourse.

Unfortunately, scammers often ask for money to be transferred internationally, to a country from which it’s very hard to get the money back.

To put all the chances on your side, your company should protect itself from fraud ahead of time. Prevention is still the best strategy for avoiding fraud.

Need more advice on cybersecurity?

Learn more


Legal disclaimer

Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.

The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.

The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.

This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.

The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.

Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).