What is CEO fraud

smiling-middle-aged-ceo-business-man-looking-at-ca-2024-02-09-16-00-55-utc

CEO fraud, also known as president fraud or false corporate officer scam, is based on a targeted phishing technique in which a fraudster poses as a trustworthy person to convince you to send money or disclose financial information.

Fraudsters can find out information about the company, its executives and their habits in a variety of ways: searching websites and social media, calls, fake surveys and targeted emails.

Advances in artificial intelligence, deep fake and voice cloning make it increasingly difficult to discern the real from the fake.

WHAT ARE THE SOURCES OF CEO FRAUD?

  • Security vulnerabilities are present.
    These frauds often take place in an environment where prevention, detection and security monitoring tools are inadequate.
  • Internal control systems are inadequate
    Internal controls to ensure the security of company data are insufficient or ineffective, opening the door to fraudsters.
  • Lack of targeted awareness.
    Lack of knowledge about the risks of fraud, the types of attacks currently known and how they work, leaves employees vulnerable to fraud.

SIGNS TO LOOK OUT FOR

Requests for financial transactions.

  • Pressure to act quickly ;
  • Request must be kept confidential;
  • Abnormal procedures;
  • Unusual direct contact with a senior executive.

Requests for sensitive information.

  • Instruction to click on a link to a web page;
  • Request for financial account information;
  • Requests for tax information.

Unexpected emails

  • Payment requests outside the normal framework;
  • Payment requests for goods never ordered;
  • Suspicious or unreliable attachments or links in the email.

FRAUD SCENARIOS

 An employee receives an email from the company’s president or a senior executive explaining that he or she has been selected to make an urgent transfer of funds to a bank account, often abroad, for a confidential transaction. Following this email, a lawyer calls the employee with instructions for the transfer of funds.

  • False email from a compromised employee email. The fraudster poses as an employee and sends an email requesting the modification of his data for direct payroll deposit into a fake account.
  • Supplier account change. The fraudster uses a supplier’s compromised email account to request that payment terms be changed and future payments deposited into a new, fraudulent account.
  • Banking technician. The fraudster poses as a bank employee who must carry out a transfer test. He assures that the transactions carried out are entirely fictitious but gives precise instructions for carrying out a real funds transfer.
  • Impersonation of bank customers. Using a fake email account of a real customer, the fraudster requests an urgent transfer of funds, often abroad.
  • Gift card fraud. The fraudster assumes the identity of a senior executive (by email or SMS) and asks an employee to purchase gift cards and send him their codes.

 HOW CAN WE PROTECT OUR BUSINESS? 

  • Raise awareness and train employees on good security practices and inform them about frauds targeting businesses.
  • Never open emails or click on attachments or links from unknown addresses, which may contain malware.
  • Don’t rely on phone numbers in suspicious emails: contact the requester by another means of communication to confirm that the request is legitimate.
  • Block emails from unknown addresses to reduce the risk of phishing.
  • Use a two-factor authentication application for payment requests.
  • Use authorized double signatures and multi-factor authentication for bank transfers.
  • Have clear policies on the amount and type of information published on social media.
  • Make sure your operating systems and antivirus software are up to date for all your devices (computers, laptops, cell phones) and servers.
  • The security of all your systems should be assessed globally to identify whether your environment is already at risk or compromised. Cybersecurity tools are available to protect you from fraud attempts.
  • Assess the effectiveness of your internal controls on system access, password strength and bank transfer authorization processes.

WHAT TO DO IN CASE OF FRAUD?

CEO fraud (with or without transfer of funds) is a criminal act.

  • Report the incident to your IT staff.
  • File a complaint with your local police.
  • Report the incident to the Canadian Anti-Fraud Centre.
  • Notify your financial institution.
  • If a transfer of funds has been made, contact your insurer.

Source of information for this article:
  The president’s fraud – Royal Canadian Mounted Police. https://www.rcmp-grc.gc.ca/fr/fraude-du-president

Contact us to ensure your compliance, increase your cyber resilience, reduce your risks, and optimize your costs.

Subscribe to our Newsletter

We strive to produce content that will be useful to you, which will let you know about the latest useful products as well as sustainable solutions for your IT fleet.

You may also like

Share this post with your friends

Leave a Comment

Secur01 is an ideal IT security partner for your business. Whether it is a simple IT support or more complex IT repairs, our team of qualified IT technicians will be able to respond to the need. Look no further for any form of IT support. We cover the main metropolitan areas of Montreal and Toronto.

Secur01 inc.
7875 Bd Louis H. La Fontaine Anjou, QC H1K 4E4
514-732-8701

Facebook-f Twitter Linkedin Youtube
Contact Us

About

Services

Copyright © 2021 Secur01 | Powered by DigiDezin
118GROUP
Rated 4.9/ 5 based on 20 customer reviews
Secur01 Inc.
4455 Autoroute 440 West, Suite 283 Laval, Quebec
Phone: 514-732-8701 $9-$999

Free Consultation

We will call you in a moment