This or similar might be the start of an email that brings us directly into one of the fastest growing forms of cyber fraud, namely CEO fraud. Did you know that, according to PwC’s Global Economic Crime Survey 2016, one-third of companies have become victims of cybercrime? Let’s say our blog posts attract on average about 1000 readers. This means that if we only look at our readers, we can assume that more than 300, one in three of you, have been touched by cybercrime in one way or another.
Remember when you started university, way or not so way back? And your professor opened the first lecture with the friendly words to look to your left and right, because those people wouldn’t be there when you were done studying. We could say the same about cybercrime. Look to your left and right; those companies have inadvertently experienced cybercrime in some shape or form.
But in what form does this cybercrime manifest itself? What do you think is the biggest security risk for companies when it comes to financial cybercrime? Is it getting hacked? No, the danger lies, as so often, much more on the human side of things. The biggest security risk is actually when C-level executives handle manual payments.
The practicalities of C-level fraud
But how does this C-level fraud actually work? Typically criminals use the authority of the CEO, or rather the power of his name. This is why it’s also often referred to as CEO fraud, but don’t just watch out for strange requests from the CEO. These criminals might make use of any C-level name they find online to get past the company’s standard security measures. Imagine one fine day you arrive at the office and see that you have an email that looks like it comes from your CEO. He asks you to transfer money quickly. You might even try to reach him, but we all know CEOs are busy. These types of emails are typically sent to people who have the authority to make payments and, or so the criminals think, receive those kinds of requests more than once. And that’s how CEO or director fraud happens. A person in the organization who can authorize payments gets a message from one of the C-level managers to quickly transfer money, and then the money is gone. It sounds really simple, but if we put ourselves in the position of the person receiving the request we see immediately that it’s a smart strategy. Or would you take a lot of time questioning requests your CEO sends? Hand on heart, we might even be flattered that it was us who got contacted with this important request.
But how does this work? How do criminals know whom to contact to make us transfer money to them? We publish large volumes of information on social platforms daily, and that makes us incredibly easy to monitor and easy targets for cyber-attacks, or ‘whaling’ as it’s also called. Add to this the overexposure of personal information and advanced surveillance software that enables fraudsters to trace the email addresses of potential victims, and you have the breeding ground for flourishing cyber fraud.
In the next blog post we will explore some concrete actions that everyone can take to protect their organizations from such attempts at CEO fraud.
Karl-Henrik Sundberg is a passionate Cash Management professional with a background as a Cash Management Advisor at a large Swedish bank, followed by six years as a Cash Management Director at a Treasury department in a global multinational. Educated in Finance but with a "techie" mindset, he is often seen speaking to his smartwatch or discussing disruptive Fintech with like-minded people.