December 14th 2015
An alarming increase is being reported in fraud involving impersonation of an organisation’s directors or other senior officers. Known as ‘CEO impersonation fraud’ or simply ‘CEO fraud’, it involves an employee – typically in the finance department – receiving an email purporting to be from the senior person, requesting that payment be transferred to a specified account, normally with a degree of urgency.
The deception is particularly hard to spot because the fraudsters often spoof the email address, making it appear genuine. It is often aided by a variety of social engineering techniques such as prior phone calls to obtain the names of company officers, visits to LinkedIn, and even checking the senior officer’s Facebook account to pounce when they are away from the office on holiday, making it more difficult for the target of the fraud to check the authenticity of the email.
Reported losses resulting from CEO impersonation fraud have been as much as hundreds of thousands of pounds, and the companies falling victim are rarely reimbursed by the banks as the loss is, effectively, the result of employee negligence.
There are a number of steps an organisation can take to safeguard itself from this type of fraud, which are listed on our information and advice page.
Employees should all be educated in how to spot CEO impersonation and other types of fraud, and it is vital that cases are reported to your bank and Action Fraud immediately, as this provides a better chance of tracing the payment and/or apprehending the criminals.