Fake management email (CEO fraud)
A fabricated piece of confidential correspondence (email or post), purportedly from management, is sent to an employee of the company about a merger.
How the fraud works:
A fake, seemingly internal email instructs an employee to carry out a transaction. In most cases the instruction appears to come from management, e.g. indicating that the employee will get a phone call from a trusted lawyer. A familiar scenario used to trick an employee is an upcoming merger, which is said to be strictly confidential because the employee's own company is listed on the stock market. The caller usually corresponds with the employee several times concerning orders. We are also aware of simulated telephone and video conferences. The payment recipients are mostly based in other European countries, in South East Asia or China.
How can you protect yourself in this case?
- If you receive a suspicious email, get in touch with your management by telephone immediately.
- Be aware of the information you and your employees publish about your company.
- Introduce clear absence regulations and unambiguous rules, e.g. for deputizing.
- Inform your employees about fraud scenarios.
What to do if you are affected:
Recall the transfer immediately through the bank where you hold your account, with notification to the recipient bank. Amounts that have already been credited are usually very difficult to recover. Report the case to the police.