Executive Impersonation Fraud

Company narrowly escapes €20,000 email scam

When the email account of a Company Treasurer was compromised, a series of cleverly timed written communications almost resulted in the fraudulent transfer of €20,000.

The email account of an organisation’s Treasurer was effectively compromised granting fraudsters full access to all email communications. This took place when the Treasurer inadvertently clicked on a link sent via email, which enabled the Cyber Criminal to monitor emails over a period of time.

The cybercriminal identified an opportune time when the individual was on annual leave and sent a fraudulent email to the accounts department, requesting the urgent transfer of €20,000 to a known supplier’s account. The email was written very cleverly, matching the Treasurer’s typical email style and tone, so as not to appear out of character. A filter was then set up to intercept any incoming emails so that when the accounts department did respond with an email request seeking final confirmation – it was captured and replied to by the fraudster. The email also specified new account details for the payment to be made to.

Fortunately by chance the Treasurer phoned the office that day , which revealed there was an issue with the request and the transfer of funds was halted.

The following measures were undertaken as a matter of urgency in reaction to the event:

The Bank was informed
The organisation’s transfer history was reviewed to ensure this had not happened previously.
The email account was shut down and all files were saved for evidence.
The Gardaí /Police were informed.
Tighter internal rules and controls were introduced for the authorisation of transfers.

Thankfully in this instance no funds were fraudulently obtained but the experience is worth sharing to highlight the sophistication of the attempt.

TOP TIP:

Always independently verify new bank account details and the bona fides of the request with your suppliers using existing contact details. Do not reply to out of course emails.

For further information on how you can protect you and your business form email fraud click here

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LF3SPG5Y8P	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_239897473_1	1 minute	Set by Google to distinguish users.
_gat_UA-105312071-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
cookielawinfo-checkbox-advertisement	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	5 months 27 days	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	5 months 27 days	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	5 months 27 days	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LF3SPG5Y8P	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_239897473_1	1 minute	Set by Google to distinguish users.
_gat_UA-105312071-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Executive Impersonation Fraud

Company narrowly escapes €20,000 email scam

TOP TIP:

More fraud stories

supported by