Fraudsters manipulate employees of companies or clubs!

On March 3rd, 2021, the treasurer of a club in the Donnersberg district received an email that supposedly came from the club's first chairwoman. The email asked the treasurer to report the account balances. She was also asked to transfer an amount of 8,139.60 euros to a recipient in Italy and to confirm the payment. Since the treasurer found this approach strange, she didn't transfer any money but called the first chairwoman, which exposed the attempted fraud.

In the “CEO fraud” scam (CEO = Chief Executive Officer), also known as boss fraud, the perpetrator in most cases poses as the boss, managing director or senior employee of a company, or, as in this case, as the chairperson of an association, and instructs employees to transfer money to a specific account. Contact is usually made by email or telephone, with email addresses falsified and telephone numbers concealed.

The police advise:

Inform your employees / club members about the “CEO fraud” scam. Be careful about what information you publish about your company/club, as the perpetrators first collect information and thus gain the necessary insider knowledge for their fraud. Their victims are usually accounting employees who are authorized to make wire transfers. Agree on clear rules for absences and on internal control mechanisms for payment orders. In cases of doubt, you should always contact the person who supposedly issued the order.

CEO? What is that? According to Wikipedia: "Chief Executive Officer (CEO) is the US name for the executive board member (German, Swiss and Austrian name: Managing Director)..."

CEO fraud/Business Email Compromise (BEC) occurs when an employee with payment authority is tricked into paying a fictitious invoice or making an unauthorized transfer from the company account.

How does this work?

The method takes advantage of the employee's desire to complete tasks as quickly as possible when explicitly requested to do so by management. The scammers clearly have considerable knowledge of the organization and the emails appear extremely convincing.

What warning signs are there?

  • Direct contact from a senior executive using unsolicited emails or phone calls.
  • Requests for complete confidentiality.
  • Pressure to act and urgency.
  • Unusual request that contradicts internal procedures.
  • Threats or unusual flattery or promises of reward.

What can you do?

AS A COMPANY:

  • Be aware of the risks and ensure that your employees are also informed and sensitized;
  • Encourage your employees to approach payment orders with caution;
  • Implement internal payment processing protocols;
  • Implement a procedure for checking the legitimacy of payment orders received via email;
  • Implement regular fraud management reporting;
  • Review and limit the information posted on your company’s website, and use social media with caution;
  • Improve and update technical security;
  • If you experience attempted fraud, always contact the police, even if you did not fall victim to the fraud.

AS AN EMPLOYEE:

  • Strictly apply existing payment and procurement security measures; do not skip any step or give in to any pressure;
  • For sensitive information/money transfers, always carefully check email addresses; scammers often use copycat email addresses that differ from the original by just one character;
  • If you have any doubts about a transfer order, even if you have been asked to exercise discretion, consult a competent colleague;
  • Never open suspicious links or attachments in an email; Be especially careful when checking your personal mailboxes on company computers;
  • Limit information and use social media carefully;
  • Avoid sharing information about company hierarchy and security or procedures within the company;
  • If you receive suspicious emails or calls, always inform your IT department.
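
The one-character address check from the list above can also be automated at the mail gateway or in a mailbox rule. The following Python sketch is an added example, not part of the original article; the addresses in `KNOWN_ADDRESSES` and the sample headers are constructed values.

```python
from email.utils import parseaddr

# Assumption: addresses of people allowed to request payments (constructed).
KNOWN_ADDRESSES = {"chair@example-club.org", "treasurer@example-club.org"}

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by exactly one substituted, inserted or
    deleted character, or by one swap of two adjacent characters."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        diff = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diff) == 1:                      # one substitution
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    # One insertion/deletion: dropping one character of the longer string
    # must yield the shorter one.
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify_sender(from_header: str) -> str:
    """Classify a From header as 'known', 'lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if not addr:
        return "unknown"
    if addr in KNOWN_ADDRESSES:
        # An exact match is not proof: the From header can be forged, so
        # payment requests still need confirmation by a call-back.
        return "known"
    if any(within_one_edit(addr, k) for k in KNOWN_ADDRESSES):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed From headers
        "Chairwoman <chair@example-club.org>",
        "Chairwoman <chair@examp1e-club.org>",   # 'l' replaced by '1'
        "Chairwoman <chair@exmaple-club.org>",   # two letters swapped
        "Chairwoman <chair@example-clubs.org>",  # one letter added
        "Newsletter <info@other.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):10} {header}")
```

A `lookalike` result is a strong reason to stop and verify by telephone, as the treasurer in the case above did.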

Source: Internet Crime Guide | Police Lower Saxony | Joint cyber fraud awareness campaign between Europol and the European Banking Association (EBF) as part of the European Cybersecurity Month (ECSM)