Tom Herbert
Business Editor
AccountingWEB
Share this content
0
1464

CEO fraud - has anyone been targeted?

CEO fraud - has anyone been targeted?

Has anyone been targeted by the latest round of CEO fraud - where criminals impersonate email accounts of chief executives to trick finance depts into wiring payments to an overseas bank account?

Replies

Please login or register to join the discussion.

03rd Mar 2016 11:53

If a company makes a payment on the back of an email, then more fool them, and shame on the company accountant for not adopting adequate controls.

Thanks (2)
03rd Mar 2016 11:58

Yes but it's a brave accountant who refuses to comply with an explicit instruction from his boss.

Thanks (3)
avatar
03rd Mar 2016 13:15

Totally agree

johngroganjga wrote:

Yes but it's a brave accountant who refuses to comply with an explicit instruction from his boss.

 

I very much agree.

I received one of these email a few months ago; it was uncanny how even the words and tone of the email gave the appearance that the message originated from the MD. Even the email address was similar (and the difference was only spotted once going into Outlook properties, i.e. the sender name as it appeared in the email was identical to that actually used by the MD).

To be absolutely sure I had to interrupt a meeting the MD was in just to confirm my suspicions. It was very fortunate (for me especially) that I did!

 

Thanks (1)
03rd Mar 2016 12:01

If there were adequate controls such as director signatures on BACS requests, it wouldn't matter who the email came from. The process would still have to be followed.

Thanks (0)
avatar
03rd Mar 2016 12:16

Documentation?

You could simply ask for the invoice, and you can bet 100% there would be no reply.

 

 

Thanks (0)
avatar
04th Mar 2016 11:46

I received a fake email from our chairman asking me if I could make an immediate payment and when I said yes an invoice was supplied.  I saw nothing untoward in the emails and they looked perfectly legitimate.  It was only our internal controls which stopped the payment i.e. the chairman had to physically sign authorisation for the payment.  I thought I'd never get fooled by one of these scams but, believe me, they are extremely effective and appear to be authentic.

 

Thanks (0)
avatar
03rd Mar 2016 13:09

Controls and intuition
Some of our clients are pretty direct in their instructions to their staff but I like to think that their finance people would double check anything that looks dodgy. Most owners of small companies have direct access to their company bank accounts anyway.

Bigger clients have more robust controls in place for sure.

Can't really see it happening.

Thanks (0)
By Glennzy
03rd Mar 2016 16:35

I am currently dealing with a case.

With a guy from the Syrian Interior Ministry who has kindly offered to pay $500,000 for my services if I agree to refund half of it to him once he flees the country.

I have asked for the standard ID information, and also feel a 60/40 split my way would be more fair as its me who is doing all the work, but I have not yet had a response.

 

Thanks (5)
avatar
03rd Mar 2016 17:38

A bit more crafty

These frauds are often not quite as simple as 1 random email. They usually include a couple of phone calls priming and/or chasing the payment and are on a Friday when time pressure and stress levels may be a little higher. I can imagine that in very large organisations the occasional fraud may slip through.

It may also succeed however in a smaller business if the boss occasionally asks the finance department to make personal payments on his behalf and the boss just happens to be away that day.

Thanks (2)
By tom123
03rd Mar 2016 18:47

What suprised me

I get these a few times - purporting to be from my boss (the MD). The tone is a bit wierd, but perfect English.

What is also perturbing is that

a) The fraudster knows who the MD is - not that odd, given that it is public record,

and also

b) The same fraudster knows to send the request to me, and no-one else.

again, as a board member that is not too odd - but it does seem a bit more 'targetted' - which makes it un-nerving.

Thanks (1)
avatar
By rasmith
04th Mar 2016 10:45

dismiss at your peril

There are two distinct approaches above, those taking the threat seriously, and those dismissing the idea with the concept that no one could be stupid enough to fall for it.

I used to be in the 'dismiss the threat camp'. But bitter experience is a great teacher.

very believable emails, with correct English and tone, lucky timing (when the 'sender' was out of the office but at work). Not an unusual request for our line of business, with promises of full paperwork when back in the office. Second approval for the payment on the basis of the email. How well do you check your co signatories back up paperwork if they have already approved a payment? Are you ever asked to approve or make a payment when you are neck deep in other mentally taxing tasks? Do you always give every payment 100% of your attention?

Is it easier to dismiss the threat, than address it?

 

Thanks (1)
By Ruddles
04th Mar 2016 11:52

The threat is very real

I know of at least two companies - whose staff and officers I would have considered to be alert to such 'obvious' scams - that have lost considerable sums. It would be unwise to shrug off those instances on the basis that "those guys must be stupid and I and my clients are far too clever to be caught out".

Thanks (0)
avatar
04th Mar 2016 12:16

Don't underestimate these perpetrators
I have been contacted to help victims from this form of scam and what becomes clear is the degree of reconnaissance that has been undertaken.
The quality of the information and also grammar has been increasing more recently as the opportunities to extract cash is being fully understood by professional criminal gangs.
It is difficult to legislate for every payment scenario but a robust payment process requiring prompt invoice approval and dual authorisation of payments will help reduce the success of these scams - sadly many small companies have not invested in such processes and are more likely to fall prey to this growing scam.
Training all employees and management is key and keeping awareness will also help greatly.

Thanks (1)
Share this content