Executive Impersonation Fraud
Company narrowly escapes €20,000 email scam
When the email account of a Company Treasurer was compromised, a series of cleverly timed written communications almost resulted in the fraudulent transfer of €20,000.
The email account of an organisation’s Treasurer was effectively compromised granting fraudsters full access to all email communications. This took place when the Treasurer inadvertently clicked on a link sent via email, which enabled the Cyber Criminal to monitor emails over a period of time.
The cybercriminal identified an opportune time when the individual was on annual leave and sent a fraudulent email to the accounts department, requesting the urgent transfer of €20,000 to a known supplier’s account. The email was written very cleverly, matching the Treasurer’s typical email style and tone, so as not to appear out of character. A filter was then set up to intercept any incoming emails so that when the accounts department did respond with an email request seeking final confirmation – it was captured and replied to by the fraudster. The email also specified new account details for the payment to be made to.
Fortunately by chance the Treasurer phoned the office that day , which revealed there was an issue with the request and the transfer of funds was halted.
The following measures were undertaken as a matter of urgency in reaction to the event:
- The Bank was informed
- The organisation’s transfer history was reviewed to ensure this had not happened previously.
- The email account was shut down and all files were saved for evidence.
- The Gardaí /Police were informed.
- Tighter internal rules and controls were introduced for the authorisation of transfers.
Thankfully in this instance no funds were fraudulently obtained but the experience is worth sharing to highlight the sophistication of the attempt.
Always independently verify new bank account details and the bona fides of the request with your suppliers using existing contact details. Do not reply to out of course emails.