Most people, upon receiving an email or request from an important member of the business, such as the CFO or CEO, automatically follow through with it. However, with cyber crime increasingly rampant and the recent CEO Fraud method causing havoc, this is certainly not best practice.
The fraud usually begins in the form of an email or phone call from someone claiming to be a C-Level Officer, asking for a large sum of money to be transferred out of the company. This may seem like a ruse you’d never fall for, but they can be incredibly convincing, especially as they emphasise the importance of immediacy, lest a new business deal, or something equally important, suffer. This fraud has been so successful that in the last 3 years alone, $2.3 billion worth of losses have been reported around the world. Most of this has not been recovered because they tend to involve transfers to accounts outside of the victim’s country.
The GIVEAWAYS – How to spot a CEO FRAUD attempt
The tone – This should be much more obvious in an SME where the CEO or other high level staff are likely to have spoken to or had contact with the employee at some point, especially if they are senior enough to have been given some control over the company’s finances. If the email is written in a casual tone, when communication is usually formal, or vice versa, it may not be the real person writing it.
Any other inconsistencies – If the email is full of spelling mistakes, names are avoided, the wrong signature is used or there’s anything else that seems different, you’re probably dealing with someone who doesn’t know the common practices of the business.It’s a new request – If you don’t usually deal with what you’re being asked to do. If you’re asked to make a transfer out of the business, and you don’t usually manage any business finances, you’re likely being spoken to by a fraudster
The email address is incorrect – Pay close attention to the sender’s address. If the email has a slight inconsistency, such as using exampl3.com instead of examp1e.com, it is likely that the fraudster does not have access to the real CEO’s email and is just trying to use one that is as similar as possible in order to trick someone who isn’t paying close attention.
Obviously, it can be hard to ignore someone claiming to be the CEO, for fear of it being an authentic message and getting into trouble. However it is far better to be safe than sorry – giving away important company information and losing money will bear much greater consequences than denying one genuine request.
Remember that the chance of scam emails getting through can be greatly reduced by modern analytics tools. Small businesses are the main targets of these frauds, as they often consider a good firewall and anti-malware strong enough to protect their systems, which they rarely actually are. Speak to your IT support company for advice on protecting your business adequately.
The bottom line is that all employees, particularly those who deal with any sensitive information, should be incredibly aware of anything that sounds even remotely suspicious, and escalate it to their managers if they believe it could be a fraudster. Even if it turns out to be a false alarm, your attentiveness will no doubt be appreciated – and if it does end up being a real scam, you would have saved the business a lot of time and money.