The email seemed genuine. Sent to the Finance Director, it stated that a supplier needed paying £50,000 immediately to secure an important contract, and that the CEO wanted it done as soon as possible as he was on holiday and didn’t want to worry about work. The Finance Director knew that his boss was on holiday (the boss had recently uploaded an Instagram picture of his Greek getaway) and the email address looked exactly as it always did, so he didn’t question the email and the transfer was made.
However, the email wasn’t from his boss…
As recently reported on BBC News, a small manufacturing firm lost £150,000 after an employee received an email from a cyber-criminal and mistakenly believed it had come from his boss. This was CEO Fraud.
Cyber attackers are getting even smarter, and will do an extensive amount of research before creating a CEO scam. In this situation, the fraudster found out the boss was on holiday through social media and integrated this into the email to add to its credibility.
This is an all-too-common story, but how can we prevent these CEO scams? Here are 5 helpful tips to help protect your business:
- Awareness training
All members of staff need to be aware of these security threats. If they don’t know what they are looking for, they can easily mistake a CEO scam for a legitimate email. Junior people are more likely to do what they’re told without question. Fraudsters are aware of this and therefore will look to attack the weakest link.
- Improve your money transferring process
Is your process for transferring money as robust as possible? Introducing an authentication phone call can help you verify company details, confirm the reasoning behind the transfer and confirm who you are sending your money to. We recommend that if you need to transfer money, you should contact the company via the contact details on their website and not via a link in an email.
- Be wary of look-alike emails
Make sure you check who your emails are coming from. It’s easy to spoof the “From” field in an email and to edit the name label of a sender. Make sure you check the actual email address, as cyber criminals are known for using look-alike email addresses with just the change of a letter. Our eyes can read over jumbled letters, which makes it very easy to overlook such a change.
- If in doubt, do not make the payment
It doesn’t matter how urgent or busy your boss may be, you should always check with the person you believe the email was sent from. They will be very thankful that you bothered them as they could have lost an excessive amount of money. However, if you’re unable to speak directly to the sender, check with one of their senior colleagues.
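One way to automate the sender check from the look-alike emails tip, as an added example that is not part of the original article. The trusted domain, the executive name and the sample "From" headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed for illustration: the company's real domain and the names a fraudster may borrow.
TRUSTED_DOMAINS = {"example-manufacturing.co.uk"}
EXECUTIVE_NAMES = {"jane smith"}

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition ("jumbled letters") counts as a single change.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_sender(from_header):
    """Classify a From header by its actual address, not its name label."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        # Only means the address is not a look-alike; the From field can still be forged.
        return "trusted-domain"
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike-domain"
    if name.strip().lower() in EXECUTIVE_NAMES:
        return "executive-name-on-outside-address"
    return "external"

# Constructed sample headers.
SAMPLES = [
    "Jane Smith <jane.smith@example-manufacturing.co.uk>",
    "Jane Smith <jane.smith@exarnple-manufacturing.co.uk>",  # "m" swapped for "rn"
    "Jane Smith <jane.smith@example-manufacturnig.co.uk>",   # two letters jumbled
    "Jane Smith <jsmith.ceo@gmail.com>",                     # right name, wrong address
    "Supplier Ltd <accounts@supplier.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):36} {header}")
```

Any result other than "trusted-domain" on a payment request is a reason to make the verification phone call before transferring money.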
If you have any questions about CEO fraud scamming, get in touch with our team on 0800 9520652 or email firstname.lastname@example.org.