Would your employees know how to recognise a CEO fraud email? Regardless of the size of your business, you could soon find yourself on the receiving end of a scam that could cost your company.
CEO fraud is a business owner’s worst nightmare. Imagine discovering that your business has just transferred a substantial amount of money to somebody as part of a scam. CEO fraud is a reality that an increasing number of businesses face around the world. During a six-month period last year, there were reports of 994 cases of CEO fraud in the UK. And over in the U.S., the FBI reports that last year, CEO fraud emails attempted to steal around 5.3 billion dollars from American businesses.
What is CEO fraud?
With this email scam, cyber criminals spoof company email accounts and impersonate managers or CEOs in an attempt to trick employees into transferring money or sharing credit card information, passwords and other valuable data. The request might look legitimate, but neither the request nor the destination bank account is genuine. The fraudsters then move the money on to other accounts and close the original one, which makes it almost impossible to trace.
Quite often, a CEO email scam includes:
- Someone posing as the head of a company instructing staff to make a wire transfer into the fraudster’s account.
- Fraudsters acting as a bank’s IT department saying they want to make a test transfer. But of course, it’s not a test.
- Scammers posing as a supplier and asking the recipient to pay outstanding invoices into a new bank account.
- Links within phishing emails that deliver malware, which then authorises many small payments to the fraudster’s account.
How to spot a CEO fraud scam
Every day your employees may be exposed to sophisticated phishing and ransomware attacks. Providing appropriate training will help them to always think carefully before they click. Security awareness training is key to making sure they can spot these types of cyber-attacks, particularly for those staff who are authorised to transfer money. The main pointers to look out for include:
- Display name
- Sender’s domain name
- Particular keywords, like bank transfer or wire transfer.
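The three pointers above can be turned into a simple screening check that a mail gateway or a helpdesk script could run over suspicious messages. The following Python is an added example, not part of the original article: it parses a few constructed messages and reports a display name that belongs to a known executive but sits on a different address, a sender domain that is external or a look-alike of your own, and the payment keywords named above. It goes one step beyond the article’s list by also flagging a Reply-To address that points away from the sender’s domain. The organisation domain, the executive list and the sample messages are all assumptions.

```python
"""Screen e-mail for the CEO-fraud pointers: display name, sender domain,
payment keywords (plus a Reply-To check). Added example; the domain,
executive list and sample messages below are constructed assumptions."""
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                          # assumed: your own domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # assumed: people likely to be impersonated
KEYWORDS = ("bank transfer", "wire transfer", "new bank account")  # first two from the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(raw: str) -> list[str]:
    """Return the indicators found in one RFC 5322 message (empty list = nothing suspicious)."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    found = []

    # 1. Display name: a known executive's name shown on a different address
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr != known:
        found.append("display-name-impersonation")

    # 2. Sender domain: external, and possibly a look-alike of our own domain
    if domain != ORG_DOMAIN:
        found.append("external-domain")
        if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
            found.append("lookalike-domain")

    # 3. Reply-To that redirects the conversation away from the From domain
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower().rsplit("@", 1)[-1] != domain:
        found.append("reply-to-mismatch")

    # 4. Payment keywords in subject or body
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + "\n" + (body.get_content() if body else "")).lower()
    found.extend("keyword:" + k for k in KEYWORDS if k in text)
    return found


SAMPLES = {  # constructed messages, not real traffic
    "fraud": """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@webmail.example
To: accounts@example.com
Subject: Urgent wire transfer

I'm in a meeting and need you to handle a wire transfer today. Reply for details.
""",
    "legit": """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Board papers

Can you send me the Q3 figures before Friday's meeting?
""",
    "supplier": """From: Accounts <billing@supplier.example>
To: accounts@example.com
Subject: Updated remittance details

Please pay all outstanding invoices into our new bank account from today.
""",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9s} -> {analyse(raw) or 'no indicators'}")
```

A hit on any one indicator is not proof of fraud (suppliers really do change bank details), so in practice the output feeds the reporting process the article describes: the message is held and the request is confirmed with the executive or supplier by a channel other than the email itself.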
Protecting your business
It’s up to each individual business to put measures in place to protect itself. Training is key: make sure employees are on alert and understand the process for reporting suspected fraudulent requests. It is also important that they are able to identify genuine calls and emails from the CEO, perhaps by using a code number or word as a part of the email. Businesses should always remain on their guard and ensure all staff are aware of potential phishing scams. The entire organisation should become responsible for cyber security; after all, the risk is a very large bill, potentially millions of pounds.