An employee of an Iserlohn company fell for the CEO fraud scam.
Despite being ill with coronavirus, the 28-year-old was working from his home office when an email landed in his work inbox. He thought it was from his boss.

“Boss” demands voucher cards

In the email, the employee was asked to buy four voucher cards and send the codes back to the sender. A neighbor got the vouchers, and the employee sent the codes by reply email. He then received a new email asking for more codes, and later the same request again. Each time, the employee ordered the voucher cards and sent the numerical codes. When he had recovered and returned to the company office, he put printouts of the emails in the boss's mail tray.

The boss was surprised: he had not given any orders to buy the cards. An IT specialist at the company took a closer look at the alleged boss emails. They had not been sent from the company server but from a disposable email address, although they gave the impression that the boss had sent them.

Unfortunately, when the boss can no longer stand in the doorway in person because he or his employees work elsewhere, new doors open for fraudsters. The scam itself is old and is known as “CEO fraud” (in German, literally “board or boss fraud”).

The fraudsters appear to be well informed about their victims and know who has which powers and options. The emails are significantly better written than in previous years. Much of the information can be freely obtained from the company homepage or social networks. That is why the police advise being sparing with the data that is published. Otherwise, fraudsters will know, for example, that the boss is currently on a business trip in Honolulu. With this information they write an email to the authorized representative. In it they ask for an express transfer abroad because the boss can supposedly close a good deal.

In such cases the losses can quickly be significantly higher than the four-digit sum in the Iserlohn case.

Tips for prevention

To prevent this, companies should issue clear guidelines and make clear agreements about who is allowed to give instructions remotely ("on digital demand", so to speak) and under what circumstances.

  • Agree on verification mechanisms, for example a telephone callback.
  • Inform employees about the CEO fraud scam!
  • Check the email senders – e.g. in the email source code.
  • In case of fraud: Report it to the police!
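
The sender check from the list above can be done directly on the message source. The following is an added example, not part of the original report: the company domain, the executive name and the sample message are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-company.test"   # assumption: placeholder company domain
EXECUTIVES = {"max mustermann"}           # assumption: names fraudsters might imitate

# Constructed sample message source, not taken from the Iserlohn case.
SAMPLE = """\
Return-Path: <bounce@throwaway-mail.test>
From: "Max Mustermann" <ceo.office@throwaway-mail.test>
Reply-To: ceo.office@throwaway-mail.test
To: employee@example-company.test
Subject: Urgent request

Please buy four voucher cards and reply with the codes.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_sender(raw_source):
    """Return findings that suggest an impersonated internal sender."""
    msg = message_from_string(raw_source)
    findings = []
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    if from_dom != COMPANY_DOMAIN:
        findings.append(f"From address uses external domain {from_dom!r}")
        # The display name is free text; only the address shows the real origin.
        if name.strip().lower() in EXECUTIVES:
            findings.append(f"display name {name!r} matches an executive")
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and dom != COMPANY_DOMAIN:
            findings.append(f"{header} points to external domain {dom!r}")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("WARNING:", finding)
```

These header fields are set by the sender, so a From address that shows the company domain is not proof of origin on its own; the results of SPF, DKIM and DMARC checks recorded by the company's own mail server are more reliable.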

Source: Press portal