Welcome to #WeekendWisdom number 31. This week we’re going to talk about CEO fraud.
What is CEO Fraud?
It is a type of scam perpetrated by organised criminal gangs, in which they send an email that appears to come from the CEO of the target organisation. It is sent to the CFO, financial director or accountant and requests that an invoice or outstanding amount be paid urgently by electronic funds transfer (EFT) to a new account. Details of this new account are then provided for the money to be transferred into.
The email will also imply that the CEO is unavailable to take a telephone call to verify the instruction. They might be in a meeting or boarding a flight. So if the CFO, finance director or accountant makes that payment, the money is gone and is usually irrecoverable.
How big a deal is it?
It is a huge deal! In fact CEO fraud, or Business Email Compromise (BEC) as they call it in the US, was the number one type of cybercrime by value in 2019. Some $1.7 billion was lost to CEO fraud, with nearly 24,000 victims of that crime in the US in 2019. So it's quite significant.
How can you protect against it?
The simple way to protect against this is that, no matter what the situation, any email correspondence instigating a payment must be verified by a follow-up telephone call. This has to be carried out every time: there must be another verification step in order to validate the instruction.
So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.
How can L2 Cyber Security help you?
We offer a full range of training programmes, which can be delivered online or in-person*.
L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training.
Contact us for more information at info@L2CyberSecurity.com.
*With appropriate social distancing and other health and safety measures adhered to.