
CEO Fraud

CEO / CFO impersonation fraud takes place when an email purporting to be from your Chief Executive Officer or a senior member of your company is sent to the Finance Team requesting that a payment be made to a supplier or another third party or, in some cases, to the senior member.

Both small and large companies have been targeted. Very sophisticated companies have fallen for the scam and lost extremely large sums of money in the process.

Fraudsters impersonate the senior member either by hacking into their email account, spoofing the sender’s actual address or using one that is very similar and almost indistinguishable; for example, there may be an extra dot or a sneaky extra letter stuck in.

[Image: ceo]

In the above example, the CEO’s name would appear as normal; however, if you were to click into the details of the email address you would notice some small difference, e.g. .com instead of .ie.
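The check described above (a normal-looking name over a slightly different address) can be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original page; the domain example.org, the executive "Mary Murphy" and the function names are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration: the organisation's real domain and executives.
TRUSTED_DOMAIN = "example.org"
EXECUTIVES = {"mary murphy": "mary.murphy@example.org"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.partition("@")
    warnings = []
    expected = EXECUTIVES.get(" ".join(name.lower().split()))
    if domain != TRUSTED_DOMAIN:
        # Same name with a different ending, or within two edits of the real domain.
        same_label = domain.split(".")[0] == TRUSTED_DOMAIN.split(".")[0]
        if same_label or edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            warnings.append("lookalike domain: " + domain)
        if expected:
            warnings.append("executive display name from external address")
    elif expected and addr != expected:
        # Right domain, but the mailbox differs (extra dot or extra letter).
        real_local = expected.split("@")[0].replace(".", "")
        if edit_distance(local.replace(".", ""), real_local) <= 1:
            warnings.append("lookalike mailbox: " + addr)
    return warnings

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ("Mary Murphy <mary.murphy@example.org>",
                   "Mary Murphy <mary.murphy@example.com>",
                   "Mary Murphy <mary.murphyy@example.org>",
                   "Mary Murphy <m.ary.murphy@example.org>"):
        print(header, "->", check_sender(header))
```

An exact match returns no warnings, which is also what a hacked account or a spoofed sender address would produce, so this check supplements the phone call in the Key Advice and does not replace it.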

To make the request appear more valid, the fraudster often includes information gathered about your organisation, often through social media, e.g. gathering names of employees through professional networking sites or contacting a different area by phone to get information about the area they are really looking for.

The email generally references a new supplier or a new bank account for an existing supplier in order to divert funds to the fraudster’s account.

This type of email frequently requests the payment to be made the same day, sometimes providing a seemingly satisfactory explanation for its urgency. It is often received when the ‘sender’ is away from the office, making it difficult for the recipient to check whether or not it is genuine.

Key Advice

  1. Be on your guard for payment requests that are unexpected or irregular, whatever the amount involved.
  2. Always check with the person you believe sent the email, however senior or busy, that it is from them. If they are not available and the email has requested urgency, check with one of their senior colleagues.
  3. Do not do this by email in case their account has been hacked. Instead, make a phone call, ask in person or use some other trusted communication method.
  4. Don’t allow yourself to be rushed. Take your time and do the relevant checks.
  5. If in any doubt, do not make the payment, however urgent it may seem or whatever the suggested outcome(s).