Written by Alice Payne
Posted on 13/10/2015

The emerging trend of CEO fraud

CEO fraud isn’t, as you might think, fraud conducted by CEOs. Instead, it’s conducted by fraudsters impersonating CEOs and senior executives to trick clients into making payments to fraudulent accounts.

This type of fraud is usually conducted by sophisticated criminal organisations with comprehensive knowledge of the market, its structure and the types of customers or employees that are susceptible.

Common CEO fraud

CEO fraud can take a variety of forms, but there are a couple of common scenarios. For example, a purchaser may make regular payments to overseas vendors. One day, they receive an email purportedly from their vendor contact, asking for payments to be made to a new bank account due to problems with their current bank account or a switch in provider. The vendor’s overseas location makes it more challenging to verify this change and, with a little pressure applied by the vendor, the buyer makes a wire transfer to the new account – into the hands of fraudsters.

Another growing trend targets employees, rather than external clients. For example, a regional CFO of a subsidiary might receive a call, allegedly from the global CEO’s assistant, to request an urgent money transfer to cover a tax payment elsewhere. Naturally, the CFO would want to discuss this first, so calls may be set up and official letter-headed paper used in communications. What’s more, the fraudster would have intricate knowledge of the company’s policies – making the scenario more convincing. But, again, money is wired to a foreign, fraudulent account, and then dispersed rapidly before the fraud is identified.

These types of fraud – and there are numerous variations – draw heavily on the authority and persuasive power a CEO commands. Employees may circumvent normal security procedures because the request is coming ‘from above’. For added authenticity, the fraudster may introduce a third party, posing as a lawyer or regulator.

What to watch out for

  • Communications restricted to telephone or email correspondence, instead of face-to-face or video conferencing. 
  • Urgent and exceptional requests – particularly to transfer significant volumes to a foreign bank account.
  • Manual transfers that don’t follow standard procedures but can be used in urgent cases.
  • Persuasive dialogue that may involve an element of secrecy (if a project is ‘under wraps’); authoritative requests, ordering you to act quickly; pressure – implying that your action will influence the outcome of a project; and valorisation – praising your efficiency and discretion. 

How to protect your business

Firstly, make sure your employees are aware of these scams, and know to follow the security procedures in place regardless of who instigates the request. Secondly, be sure to keep computer antivirus software up to date and deliver regular anti-fraud training to your employees.

Verify any request for orders, transfers or changes of financial details. The best way to do this is to telephone your original contact using the contact details you have on file for them – or those in an official source, such as a company website. To be extra safe, it’s worth using two forms of contact in case one has been hijacked. And inform your superior, or your risk or legal department, if you have any doubts.