
What is CEO fraud? And what you can do against CEO fraud as an organization.

What do CEO fraudsters do?

Unfortunately, fraud is common nowadays. Not only individuals but also companies are often the target. A common form of fraud is CEO fraud. In this article, we take a closer look at the characteristics of CEO fraud and how you can prevent this form of fraud.

How does CEO fraud work?

CEO fraudsters abuse authority. The fraudster sends an email on behalf of a high-ranking person within the company, which is where the term CEO fraud comes from. For example, a fraudulent payment order is sent to an administrative employee of your company, asking them to deviate from the regular payment process because there is an exception or an emergency. The fraudster can also request to change a specific account number. Fraudsters often seek contact by email or telephone.


How do criminals carry out fraud?

Cybercriminals often conduct thorough investigations before actually committing fraudulent activities. They use various techniques, including social engineering, which targets the weakest link in computer security: people.

Phishing

In the case of phishing, cybercriminals try to gather relevant information about your company. These criminals try to trick employees into providing private information via email, text, or phone calls. For example, they may pretend to be a bank or a reputable government agency. Cybercriminals also sometimes build fake websites that look exactly like real websites. Important private data thus reaches the cybercriminals, who can use it to make the CEO fraud attack convincing.

Spear phishing

Spear phishing is a form of phishing aimed at a specific company or employee, which is why CEO fraudsters use it more often. Often, cybercriminals send the email from a legitimate sender's address. They can do this by hacking the email addresses of employees.

Pretexting

Another common method used by cybercriminals is pretexting. The attacker concocts false circumstances to trick the victim into giving up sensitive information or access to protected systems.

CEO fraud examples

CEO fraud can be recognized by several characteristics. In this section, we discuss some examples of CEO fraud.

Abusing the hierarchy

CEO fraud abuses the authority of a CEO. The fraudster places a payment order with an employee. If this is not paid, the so-called CEO threatens major consequences.

Sometimes the employee also receives compliments from the fraudster. The fraudster indicates that the employee has exceptional qualities and is therefore allowed to carry out the assignment in secret.

Emphasizing Confidentiality

In this case the so-called CEO states that the transaction is confidential and may not be shared with anyone within the company, including other colleagues. Strict privacy legislation is abused as a justification. The main goal is to keep the fraudulent activities secret for as long as possible.

Fake emails

Often the emails are sent from a fake email address. The address looks very similar to the real one but differs slightly. In some cases, the fraudster may send messages from a verified email address. Through phishing, criminals obtain passwords, which they use to log in to email accounts and then send fraudulent messages.
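The lookalike sender address described above can be checked automatically. The Python check below is an added example, not part of the original article or of Guardey's product; the company domain `example-corp.com`, the executive name and all sample addresses are constructed assumptions.

```python
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.com"   # assumption: the organisation's real mail domain
EXECUTIVES = {"jane doe"}             # assumption: display names fraudsters would borrow

# Characters that are often swapped so a domain looks the same at a glance.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(domain: str) -> str:
    """Fold visually confusable characters so lookalikes compare equal."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str) -> str:
    """Classify a From header relative to the trusted domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        # An exact match does not rule out a compromised mailbox.
        return "internal"
    if (normalise(domain) == normalise(TRUSTED_DOMAIN)
            or edit_distance(domain, TRUSTED_DOMAIN) <= 2):
        return "lookalike-domain"
    if " ".join(name.lower().split()) in EXECUTIVES:
        return "executive-name-external"
    return "external"

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Jane Doe <jane.doe@example-corp.com>",
        "Jane Doe <jane.doe@examp1e-corp.com>",
        '"Jane Doe" <jdoe.private@mail.test>',
        "Bob <bob@supplier.test>",
    ]
    for header in samples:
        print(f"{classify_sender(header):24} {header}")
```

A result of `internal` only confirms the domain matches; messages sent from a phished account still need the second-person payment check.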

Protect your company against CEO fraud

It is important to properly protect your company against CEO fraud. Many companies have already become victims of this with often far-reaching consequences. With the tips below you can prevent CEO fraud within your company.

Be alert to irregular payment requests

It is important that employees are alert when dealing with irregular payment requests. Inform all your staff regularly about any fraudulent activities. Clearly indicate where they can go in case of irregular payment requests or other unusual phone calls or requests. New employees must also be informed of this quickly.

Check all payments

It is wise to have unusual payment requests checked by a second person. Despite the fact that not all unusual payment requests are fraudulent, this way you reduce the chance of erroneous transfers to bank accounts of cyber criminals. Although it is an extra step in the business process, in the end it is very valuable.

Be careful when disclosing information about your company

We also advise you to be careful when disclosing information about the company. For example, it is nice to put information about all employees on your company page, but this can also work to your disadvantage. This information can be used against your company, for instance to create a false sense of intimacy. So take a good look at what information you publish about your company in public.

 


Protect yourself better with a virtual private network

With a virtual private network, you are less visible on the internet. All employees of your company leave traces on the internet. This can also be company-sensitive information. For that reason, it’s not a bad idea to use a VPN. This is an encrypted connection between your computer and the internet. With a VPN connection, you can access the internet anonymously.

What should you do if your company is a victim of CEO fraud?

Has your company unexpectedly fallen victim to CEO fraud? Then it is important to take action as quickly as possible. Notify your bank’s cyber department as soon as possible. In some cases, a transaction can still be canceled. Also, contact the police and the fraud helpdesk.

It is also wise to take action within the company itself. Notify all staff of the circumstances and schedule an emergency meeting. It is then important to take measures to prevent more fraudulent activities.

Do you also want to be better protected against CEO fraud? Sign up now for the free 14-day trial at Guardey.
