Most people have heard of a variety of fraudulent email scams. You are contacted by someone trying to get you to log into an account, or send money for a product you won’t ever receive (or don’t need). CEO fraud is a newer take on a traditional trick: a targeted version of a phishing scam, known as a whaling attack. Instead of pretending to be from a particular company with whom you do business, the scammers pretend to be someone in power at your own company.
Why does the scam work? Consider these key details.
Most People Will Jump to Help Their Boss
When you receive an official-looking email from a superior, you normally jump into action. And scammers are counting on that.
Those running these scams know that you are not going to hesitate if you think an email is coming from someone above you in the chain of command. You will go out of your way to handle the request quickly. You may not even ask many questions about the legitimacy of the request.
Since you want to complete the task quickly, you may not notice the warning signs of a potential scam.
How the Messages are Created
Attackers start by getting details about current executives. Often, this information is readily available. Next, they mimic the structure used by that company’s email system. The messages in the email are carefully designed. Normally, the emails include instructions for a funds transfer.
Some, targeted towards Human Resources professionals, will also ask for details from personnel files. If received, the information is used to commit acts of identity theft and other forms of fraud.
If an employee complies with the request, they can be targeted repeatedly. Since the first request was handled without much trouble, the attackers can assume the employee will continue to comply.
Even Mattel Got Caught by Surprise
One of the most notable occurrences of CEO fraud happened to Mattel, the toy manufacturer best known for the Barbie line. A finance executive was tricked into sending $3 million (approximately £2.3 million) to an account in China. Though the money was ultimately recovered, this shows how convincing these emails can be.
FACC, an aerospace parts manufacturer based in Austria, even fired some high-level executives after they were victims of a scam. The loss came in at €42 million (£36 million).
False Invoices and Bills
Another scam aimed at businesses involves sending fraudulent invoices and bills. This trick can work if the charge seems legitimate. For companies that receive a large amount of mail daily, it is easy to get a fake invoice mixed up with a real one. This is another instance where a business may be targeted repeatedly if the first attempt is successful.
How to Fight Back
The advice given for regular phishing attempts also applies here. If you receive an email that asks for a large funds transfer or sensitive information, take the time to verify the request is actually coming from the person the email claims to be from. Don’t reply to the email or call any phone numbers listed in the email, as these could be part of the scam. Instead, find contact information on your own, or report the incident to a supervisor. By taking precautions, you can help stop a scammer from costing your company, and possibly costing you your job.