More CEO fraud during corona

3 July 2020

The increased homeworking that was, and still is, being implemented in many companies to help contain the coronavirus gives fraudsters an opportunity to defraud companies. They pose as the CEO (or any other internal or external person of trust) of the company and ask an employee to make some important and urgent payments.

The phenomenon, also known as CEO fraud, has been around for some time, but is experiencing a flare-up “thanks” to corona because working from home makes certain control actions more difficult. The best tip to prevent CEO fraud as a company is therefore: build in enough control.

  • In CEO fraud, fraudsters impersonate the CEO (or other internal or external trusted person) of a company and instruct an employee of that company to make payments.
  • The corona crisis seems to be contributing to CEO fraud because more people work from home and certain control actions are sometimes more difficult or no longer possible.
  • Companies can arm themselves against CEO fraud by introducing several verification stages before payments are passed on, especially when large amounts are involved.

How does it work?

In CEO fraud, fraudsters impersonate the CEO or another trusted person inside or outside a company and ask, for example, the accounting department to urgently make some (often large) payments.

To do that, they usually break into the CEO's mailbox or create a fake address that is almost indistinguishable from the CEO's real address. Often, for example, a single letter differs from the official address.

Employees who fall into the trap do not pay the real CEO, but transfer money to money mule accounts without realizing it. From those accounts, the money is then passed on to the account of the fraudsters.

How to prevent CEO fraud?

In normal working conditions, an employee who receives such an e-mail from his or her CEO and has doubts about the request for payment will quickly drop into the CEO's office. Now that working from home has become the norm at many companies (temporarily or otherwise), this control step has become a much bigger hurdle. For example, employees will not (dare to) check this by telephone.

The best tip to prevent CEO fraud is therefore: build in sufficient control steps. Agree that payments, and certainly large ones, are not only passed on by e-mail, but also confirmed by text message, WhatsApp message, telephone, etc.

Step-by-step plan to follow in the event of fraud

Anyone who has responded to the fraudsters' request must take the following steps:

  • Contact the bank as soon as possible.
  • File a complaint with the police.
  • Alert the company's ICT department if the CEO's mailbox has been hacked. The fraudsters probably have access to a lot of information thanks to that mailbox. For example, passwords will have to be changed.