Report Incident


Icon representing Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims
Alert - Microsoft Tech-Support Scammers using WannaCry attack to lure victims

May 24th 2017
Default icon for news items
NCSC: Latest statement on international ransomware cyber attack

May 15th 2017
Icon representing 'Alarming' rise in ransomware
'Alarming' rise in ransomware

May 11th 2017


Would you consider a cyber security certification for your business?

Yes, it's a potential USP, you can't put a price on that
No, it's not worth the time investment
Yes, provided it was cost proportionate to my size of business
No, they're too expensive
Yes, it demonstrates my commitment to the security of the data I hold

Alert: Fraudsters that claim to be your CEO

July 18th 2016
Action Fraud has seen an increase in reports from businesses that have fallen victim to fraudsters who are purporting to be CEO’s, resulting in huge financial losses.  

How does CEO fraud work?
A company, often with multiple offices, is targeted by a fraudster who purports to be the CEO of the company and often claims to be based in another country. 

The fraudster contacts someone within the finance department and requests payments to be made into bank accounts, saying it is part of a highly sensitive acquisition, merger or property purchase.

Initial contact appears to primarily be made via email from an address similar to the one the CEO would use, although there are some reported instances where fraudsters have called up to make themselves appear legitimate. In addition, a second fraudster may be introduced, who poses as a lawyer or regulator.

With a strong social engineering element, the fraudster often requests that they, as the CEO, are not contacted further by the financial officer as they are busy. Alternatively the fraudster may pick occasions when the real CEO is on holiday, therefore preventing financial officer from checking the validity of the request.

Typically the average amount given to fraudsters is around £35,000, but we have seen some extreme cases where one company lost £18.5 million.

How to spot and prevent this type of fraud
Review internal procedures regarding how transactions are requested and approved, especially those in relation to verification.
Always check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an alternatively sourced email address/phone number. Remember fraudsters can easily set up a look-alike email addresses that are one or two letters off from a company’s true domain name.
Don’t be afraid to question details when being tasked to transfer money at short notice.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Sign up for free to Action Fraud Alert to receive direct, verified, accurate information about scams and fraud in your area by email, recorded voice and text message.