CEO Fraud can be described as an embezzlement technique that has targeted SMEs for many years. The number of CEO frauds has dramatically increased, costing UK businesses £121 billion each year.
While CEO fraud is a growing problem, with the right training and knowledge of which red flags to look for, there is no reason your company cannot be as well protected as possible.
How Does CEO Fraud Work?
While it is easy to assume that we would never fall victim to an email scam, the statistics show that an alarming number of people are duped. Imagine sitting at your desk and receiving an email from your CEO asking for your assistance in finalising a large takeover or piece of foreign investment. It is highly unlikely that your first instinct would be to not trust an email from the company owner or CEO. These emails usually address the employee directly and instruct them to release certain funds to finalise a deal. Cybercriminals want to stop the employee from looking into the matter too closely, so they will often urge the employee to act quickly, leaving less time for clarification and confirmation.
In addition to urgent emails, phone calls are increasingly used as a way of adding legitimacy to the original email. Occasionally the email will name a specific representative and state that they will be in contact before the transfer is made. Once an email reply has been sent, the fraudsters will make contact with the employee, posing as the representative named in the email.
Often flattered by the trust shown by the CEO, employees are likely to carry out the action asked for immediately. Later down the road when the large transaction to a mysterious account is being flagged as suspicious, the damage has already been done. The company suddenly realises they have lost a substantial amount of money to CEO fraud.
Example Email
Hi John,
I hope all is well.
I forgot about an important matter I need to take care of urgently, but unfortunately, I am out of the office all day.
There is a pending invoice from one of our vendors that needs to be settled by the close of banking transactions today. I have asked them to email me a copy of the invoice and I will pass it on to you.
I would really appreciate it if you could settle the account by the end of the day. I can’t take any calls at the moment, so a quick email is fine.
Kind regards,
Mike
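The red flags in the example email above (urgency, a payment request, steering the employee away from a phone call) can also be checked automatically. The Python sketch below is an added illustration, not Astec IT's or Sophos's filter; the company domain, executive name, sender addresses and keyword patterns are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (placeholders): the protected domain and the executives' names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"mike smith"}

# Red flags described in the article, expressed as simple keyword patterns.
PATTERNS = {
    "urgency": r"\b(urgent(ly)?|by the (close|end) of|today|immediately)\b",
    "payment_request": r"\b(invoice|settle|transfer|release .*funds|payment)\b",
    "no_callback": r"(can'?t|cannot) take (any )?calls|out of the office",
}

def red_flags(raw_message: str) -> list[str]:
    """Return the names of the red flags found in a plain-text email."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    if not isinstance(body, str):      # multipart mail is out of scope here
        body = ""
    body = body.replace("\u2019", "'").lower()
    flags = [name for name, rx in PATTERNS.items() if re.search(rx, body)]
    # Anti-spoofing check: an executive's display name on an outside address.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if display.lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        flags.append("exec_name_external_domain")
    return flags

# Constructed sample: the article's example email with invented headers.
SUSPICIOUS = """From: Mike Smith <mike.smith@examp1e-mail.test>
To: john@example.com
Subject: Pending invoice

Hi John,
I forgot about an important matter I need to take care of urgently,
but unfortunately, I am out of the office all day.
There is a pending invoice from one of our vendors that needs to be
settled by the close of banking transactions today.
I can't take any calls at the moment, so a quick email is fine.
"""

# Constructed sample: an ordinary internal message.
BENIGN = """From: Mike Smith <mike.smith@example.com>
To: john@example.com
Subject: Thursday

Hi John, are you free for the board prep meeting on Thursday?
"""

if __name__ == "__main__":
    print(red_flags(SUSPICIOUS))
    print(red_flags(BENIGN))
```

A message that raises several of these flags at once is a candidate for holding until the request has been confirmed with the CEO through a known phone number.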
How to Prevent CEO Fraud?
Educating and training your staff is the most important step when it comes to preventing CEO fraud. This is why Astec IT keeps its customers safe by continuously educating its clients' staff and training them to notice when something is not right and unusual requests are being made (such as the one found in the example email above).
Astec IT is partnering with Sophos, whose high-end security software provides easy-to-use protection for Astec IT's clients. As part of that, we implement anti-spoofing and anti-spam filters to prevent cybercriminals from reaching employees. Additionally, the advanced software recognises suspicious activity by checking it against a database. This way CEO fraud can be prevented.
Astec IT empowers your staff through continuous training and support, in order to develop habits and keep your business safe from vulnerabilities posed by CEO hacking. An employee of one of our clients operating in the investment sector recently received a suspicious-looking email in which a cybercriminal was pretending to be the CEO of the company, requesting invoice payments and other payment details. Since the employee had been trained in recognising suspicious activity, they flagged the email, which we were able to confirm as fraudulent.
If you want to find out more about CEO fraud and how you can protect your business, make sure to contact us.