In recent weeks, we received dozens of reports from organisations and companies about attempted CEO fraud. This is a recurring phenomenon that crops up especially during holiday periods or just before extended weekends. Scammers take advantage of the reduced attention span during these periods to make their move.
CEO fraud is a form of scam in which cybercriminals contact an organisation's finance department asking it to make an important payment. The scammers assume the identity of the CEO, CFO or a trusted person within the company and ask a finance department employee to make an urgent payment. Since the employee is under the assumption that the request comes from management, there is a real chance that the payment will effectively be made.
We note that this attempted scam often involves contacting an employee from the organisation both by phone and e-mail.
CEO fraud is most likely to be involved when unusual transactions are requested, for unusual reasons, in exceptional circumstances and with very large amounts.
Be extra vigilant:
- when someone asks for confidentiality,
- if urgency is urged,
- if the request is made via an unknown e-mail address or telephone number,
- when there is unusual pressure to give sensitive information or to make a payment,
- in case of transfers to unknown bank accounts,
- when requests are made on a Friday evening or just before a holiday,
- when changing a supplier's payment details.
Example of e-mail in CEO fraud:
The attack usually happens in 2 phases:
Just as a burglar looks for the weak spots of a house beforehand and observes the habits of the occupants, a cybercriminal will try to obtain as much information as possible about the company.
Under a false identity, the scammer tries to extract the following information:
- the identity of employees authorised to make substantial payments,
- the internal payment processes (procedures, account numbers and balance information, etc.),
- the company's suppliers or customers.
This can be done by phone or through a forged e-mail address.
Once the cybercriminal has enough information in his hands, he is ready to carry out the scam. This proceeds as follows:
- The company is contacted by email or phone by the scammer posing as CEO, CFO or another contact known in the company.
- The scammer asks to make an important transfer. The order is presented as extremely important, urgent or secret, with the intention of bypassing existing procedures or counting on fast and confidential handling.
- The employee who believes this request is legitimate will make the payment to the scammer's account.
- Ensure that payment processes are clear and well followed.
- Have clear procedures in place to verify payment transfers or sensitive information requests, especially these via email.
- Inform employees and make sure they have proper training so they recognise the scam quickly and respond appropriately.
- Never click on an attachment or link in an e-mail that you do not fully trust.
- Apply security and payment rules strictly.
- Never describe to strangers how payments are made in your organisation.
- Check that email addresses are correct.
- Contact the applicant on a different phone number or email than the one provided to make sure this is the real applicant.
- Alert the person in charge of your organisation.
- Alert the organisations or individuals whose identity is being used, e.g. if a fake email from a financial institution was used, you can report that fake emails are being sent in their name.
- If the transfer has already been made, contact your bank immediately to cancel the payment.
- File a police report.
- Report the incident to the Centre for Cybersecurity Belgium