Action Fraud has seen an increase in reports from businesses that have fallen victim to fraudsters who are purporting to be CEO’s, resulting in huge financial losses.
How does CEO fraud work?
A company, often with multiple offices, is targeted by a fraudster who purports to be the CEO of the company and often claims to be based in another country.
The fraudster contacts someone within the finance department and requests payments to be made into bank accounts, saying it is part of a highly sensitive acquisition, merger or property purchase.
Initial contact appears to primarily be made via email from an address similar to the one the CEO would use, although there are some reported instances where fraudsters have called up to make themselves appear legitimate. In addition, a second fraudster may be introduced, who poses as a lawyer or regulator.
With a strong social engineering element, the fraudster often requests that they, as the CEO, are not contacted further by the financial officer as they are busy. Alternatively the fraudster may pick occasions when the real CEO is on holiday, therefore preventing financial officer from checking the validity of the request.
Typically the average amount given to fraudsters is around £35,000, but we have seen some extreme cases where one company lost £18.5 million.
How to spot and prevent this type of fraud
- Review internal procedures regarding how transactions are requested and approved, especially those in relation to verification.
- Always check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an alternatively sourced email address/phone number. Remember fraudsters can easily set up a look-alike email addresses that are one or two letters off from a company’s true domain name.
- Don’t be afraid to question details when being tasked to transfer money at short notice.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.