20 October 2015

Could someone impersonate your CEO? Spot the warning signs

We have recently seen a number of businesses fall victim to CEO impersonation fraud. The impact of fraud on a business can be devastating. Not only could it result in substantial financial loss, but it could also have a negative effect on the reputation of the company. CEO impersonation fraud, however, can be avoided by ensuring that the appropriate procedures and safeguards are in place.

What is CEO impersonation fraud?

CEO impersonation fraud occurs when an individual assumes an identity, often of the CEO or member of the senior management team, to perform a fraud.

The cases we have seen recently follow a similar pattern:

Step 1 – Fraudsters hijack the identity of an individual in senior management by using a virtually identical email address.
Step 2 – Using the stolen identity fraudsters instruct the business to make a large payment to a third party.
Step 3 – The business makes a payment to the (false) third party.
Step 4 – When the victim of the stolen identity is informed of payment the fraud is unearthed.

Warning signs

Any email seemingly from an individual in a senior management position asking the company to send a large payment to a (usually previously unknown) third party should set alarm bells ringing.

Fraudsters can generate emails that look convincing. They may also have inside help with choosing targets and preparing communications. For example, we have seen CEO impersonation fraud take place when the victim of the stolen identity has been on holiday. Other tactics have been used, such as insisting on email conversation (due to the 'CEO' being in meetings or travelling) or creating a sense of panic by requesting that payments are made urgently or by suggesting that a previous request has been ignored.

What can you do?

We suggest that you urgently review your anti-fraud measures, for example:

  • Update employees about the occurrence of CEO impersonation fraud.
  • Always confirm that payments to third parties, known or unknown, are genuine by checking with the individual requesting payment, using an alternative means of communication. Alternatively ensure that both the payee and the invoices are genuine.
  • Instruct employees with responsibility for paying invoices to check for irregularities and raise any suspicions with the individual requesting payment, remembering that the contact details on the request may not be genuine.
  • Regularly review internal procedures for authorising payment.

What should you do if you are a victim of this fraud?

Act immediately:

  • Notify your insurer
  • Report this to Action Fraud through their website and preserve all relevant documents.
  • Contact us immediately – we can put a stop on bank accounts, advise on how to recover money and help you to deal with the police.


Category: Article