Home
Articles
Resources
FAQ
Members
About
Report Incident
My
Contact

News

Icon representing Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims
Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims

May 24th 2017
Default icon for news items
NCSC: Latest statement on international ransomware cyber attack

May 15th 2017
Icon representing 'Alarming' rise in ransomware
'Alarming' rise in ransomware

May 11th 2017
 

Poll

Which aspect of cybercrime concerns you the most?


Phishing E-Mails
Cyber Stalking / Bullying
Data Theft
Online Fraud
Activity Snooping
 
 
 

Alert: Fraudsters that claim to be your CEO

 
July 18th 2016
Action Fraud has seen an increase in reports from businesses that have fallen victim to fraudsters who are purporting to be CEO’s, resulting in huge financial losses.  

How does CEO fraud work?
A company, often with multiple offices, is targeted by a fraudster who purports to be the CEO of the company and often claims to be based in another country. 

The fraudster contacts someone within the finance department and requests payments to be made into bank accounts, saying it is part of a highly sensitive acquisition, merger or property purchase.




Initial contact appears to primarily be made via email from an address similar to the one the CEO would use, although there are some reported instances where fraudsters have called up to make themselves appear legitimate. In addition, a second fraudster may be introduced, who poses as a lawyer or regulator.

With a strong social engineering element, the fraudster often requests that they, as the CEO, are not contacted further by the financial officer as they are busy. Alternatively the fraudster may pick occasions when the real CEO is on holiday, therefore preventing financial officer from checking the validity of the request.

Typically the average amount given to fraudsters is around £35,000, but we have seen some extreme cases where one company lost £18.5 million.

How to spot and prevent this type of fraud
Review internal procedures regarding how transactions are requested and approved, especially those in relation to verification.
Always check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an alternatively sourced email address/phone number. Remember fraudsters can easily set up a look-alike email addresses that are one or two letters off from a company’s true domain name.
Don’t be afraid to question details when being tasked to transfer money at short notice.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Sign up for free to Action Fraud Alert to receive direct, verified, accurate information about scams and fraud in your area by email, recorded voice and text message.