Millions Lost to Bogus Boss Fraud
Everyone it seems is under attack from fraudsters who want your money. Email Phishing is one of the most common ways to relieve individuals and businesses of their cash. There are many ways they can do this, but there is a new kid on the block ‘confidential transaction fraud’ or CEO Fraud, that has seen businesses across Europe (particularly France) and now here in the UK lose vast sums of money to these fraudsters. In France one company lost €32 million and it is estimated that in total since 2010 French firms have lost €465 million. Businesses of all sizes have been targeted. If you haven’t heard about it, now is the time to find out more on how it’s done.
What is CEO Fraud?
In France they call it ‘Fraude au President’ and simply it is where someone poses as the company boss and instructs employees to wire money into the fraudsters account. Here is an example:
Your accountant or someone in your business who has access to your business accounts is contacted, usually by phone. They are told that they will get an email from the CEO and they will give them instructions to conduct a very confidential transaction and you are going to have to do whatever their instructions tell you.
The accountant is then emailed from what appears to be the CEO saying that for example, they want to buy a company. The email tells the accountant that they will get a phone call from a consultant working with a lawyer who will then instruct them how to transfer the money.
The fraudsters tell the accountant that everything is confidential and that they can tell no one about it. In many cases the accountant is contacted by email constantly usually over a short period of time, like an hour, pressuring the accountant into acting quickly. They are told that it needs to be done by a certain time or the deal is lost and other forms of pressure, so that they act without thinking and transfer the money.
You may think this can’t happen to me, but all of the information needed such as the name of your accountant, CEO and Head of Finance are easily available online to fraudsters, through Company House, your own website or social media such as LinkedIn.
Why does it work?
Well it is thought that this type of email is easy to get past malware and antivirus software as they have no attachments or viruses in them. Employees are less likely to question instructions purporting to be from someone high up and important. It is high pressure, high urgency psychological manipulation and this is why it is so successful. No one wants to second guess or question the boss.
Other business frauds that are out there:
- Fraudsters pose as the IT services department of a bank saying they want to make a test transfer - but it's not a test
- Fraudsters claim to be a supplier and ask for outstanding invoices to be paid into a new bank account
- Employees click on links within phishing emails containing malware which authorises many small payments to the fraudster's account
Across the globe the FBI estimate that in the last two years $2 billion has been lost to email fraud. These criminals are getting cleverer, so you need to be aware of any thing that doesn’t look right. It is also important that your staff are aware of the type of frauds and effort fraudsters go too, that way they should also not fall fowl of them. Fraudsters can target anyone, have your staff prepared and that will help your business stay safe from fraud.