CEO fraud is a phenomenon that has been circulating for a number of years at large institutions, but now also affects small companies and associations. With CEO fraud, a cybercriminal assumes the identity of the CEO in order to make payment requests to the executive secretary, the CFO or other persons within the company with payment authority. In this way, criminals can send very large amounts of money to foreign accounts.
How does CEO fraud work?
In order to successfully commit CEO fraud, the hacker or cyber-criminal will first have to investigate how companies and employees communicate with each other. It is important that he understands how employees greet each other, what kind of emails are sent back and forth, and what the policy is before payment is made.
In addition, the criminal can also monitor social media profiles. In the past, he has often sent multiple emails to the company to find out who decides which payments to make and how the emails are structured or articulated.
As a company, how can you prevent CEO fraud?
If you want to protect your company or association from CEO fraud, there are a few steps you can take.
- When the CEO sends a payment request, it is a good idea to call the CEO or entrepreneur for confirmation or to make the payment on his or her desk.
- You should always check the sender of the email. The sender may contain important hints as the CEO’s name may be misspelled or may come from a Gmail or other free email address.
- If you receive a payment request from another company, please call to confirm the request. Please use the phone number you have on file – and NOT the phone number in the email.
- As a company, it is important that your company has certain procedures for payments. It can be difficult for criminals to follow these procedures.
- Provide an extra layer of protection at your bank. Let your bank know what kind of transactions can be considered normal for your company or business. In this way, artificial intelligence can use machine learning to mark certain payments as unusual or suspicious so that they can be stopped. For example, if your company never transfers money abroad, your bank may block payment to a foreign account. If the payment is known, all you have to do is call your bank and the payment can be made without any problems.
What if you are the victim of CEO fraud?
If you are lucky and can get there quickly, you can contact your bank and stop the payment. If you wait too long, it is possible that you have lost your money because you cannot hold anyone liable. It is therefore important that you call your bank’s fraud number.
But as with many cybersecurity problems, prevention is much better than cure.
Interested in planning a security awareness session for your management or staff? Or are you curious about how you can increase awareness for your organization? Then please contact us using the form below. We will be happy to answer all your questions.