SilverDisc Blog

2nd June 2017

What Is CEO Fraud, and How Can It Affect You and Your Business?

CEO Fraud involves scamming the finance department of a business into transferring large amounts of money into a fraudster’s bank account. An email will be sent by someone who appears to be the CEO of the same business, so the finance department employee is happy to oblige. Shortly after the transfer is made, the money is transferred into different mule accounts and the original bank account is shut down, making the transfer difficult to trace.

Who would fall for a cyber scam like this?

It all sounds very straightforward and obvious. However, it’s much easier to fall for than you might think. How often do you check, double check and triple check the email and email address from the CEO? If your boss emails you with an urgent request, you’re less likely to question what they say. If the language, wording, phrasing and layout don’t raise any suspicions, why would you check the sender address? If you’re frequently receiving emails from the CEO to transfer money, why would another one be cause for concern?

Banks are now taking to our televisions to warn us of scams like this, such as this example from Barclays:

Here at SilverDisc we very nearly fell victim to an attack of this nature. Our finance director was emailed by what appeared to be Alan, our Managing Director, asking for a bank transfer of approximately £9,000. Luckily, the mistake was spotted and the money transfer was halted at the last minute, but it goes to show just how easy it is to fall victim. This taught our Finance Director a valuable lesson, and he is now much savvier about the issue - so much so that he is now prepared to engage the scammers to see how far they will push things, as the following example shows.

Scammer vs SilverDisc

From: "Alan Perkins" <[email protected]>
Date: 19 April 2017 at 11:06:01 BST
To: "Paul Mcgroary" <
p*******[email protected]>
Cc: 
[email protected]
Subject: Re: **(TDK Ltd)**

Paul, The invoice has been re-attached. Kindly email me once received.

Kind Regards.

Alan Perkins

Sent from my Windows Mobile

This was the initial message sent from ‘Alan’ asking our Finance Director Paul for a bank transfer. Whist the sender says it’s ‘Alan Perkins’, the email address reads ‘[email protected]’, which is not linked to the real Alan in any way. It also says, ‘sent from my Windows Mobile’, when Alan doesn’t use a Windows phone. It’s been sent to two email address for Paul… one of which is correct, the other is a guess. Paul doesn’t use [email protected], but they have phished enough to get his personal email address.

This all seems pretty obvious, but Paul decided to see just how far the scammer would go to try and convince him to make the payment. What follows is an interesting dialog between Paul and the scammer.

Paul:

Sorry Alan I cannot see it.

Would it be ok to sort out tomorrow when I am back in the office?

‘Alan’:

Paul, I have re-attached it as it needs to be sorted today because of the due date on the invoice. Email me if you can get it now.

Kind Regards.

Alan Perkins

Paul:

Hi Alan

Who approved this? I don't remember doing so. Was it when I was away fishing last month.

Anyway I will get it sorted after lunch but first I want to check it against the signed contract. I don't recognise this amount or supplier, it's a very small sum so I want to check it given our decision to move away from these very tiny suppliers.

Actually on second thoughts is it a recharge in respect to the BA account? If that's so it would explain why I cannot remember it.

If you can come back to me and I will pay around 2pm ish.

Regards

‘Alan’:

Paul, Can you confirm any progress on the payment of the invoice I sent earlier. Kindly keep me posted.

A.

Here the scammer is making the conversation appear casual, trying to impersonate Alan by signed off as ‘A’. Anyone who knows Alan, knows he never signs off as ‘A’. But nice try…

Paul:

Hi Alan

On my way to the bank now. Sorry for the delay it was because I had a very nice lunch with Bob who wants to do a fair bit more business from June onwards.

You cannot hurry lunch when the man wants to send us £80,000 plus a month in spend. Also the wine was very good!

Take care

Regards

Paul

Paul is clearly messing with the scammer here, claiming that he is on his way to the bank, and making up a meeting with an imaginary ‘Bob’, claiming to have been drinking wine and imagining a lucrative business deal!

‘Alan’:

Going to have limited access to emails till later, You can email me once it's processed.

Regards.

Alan.

Paul:

Just sent and now heading to the underground.

Will check that its gone through before I catch the 4.30 train

This is all a lie, Paul was in fact sat at his desk.

‘Alan’:

Good, Can you send a confirmation receipt of the payment made to make necessary reports.

Regards.

Alan.

Paul:

Hi Alan

The bank rang and said we went over our daily £200,000 payment limit today. So the payment will go out first thing tomorrow. Nicky must have undertaken the mid month payment run today because of the bank holiday on Monday.

If they complain let's just cut them from the rota as I said we really shouldn't be dealing with these little players.

See you after lunch tomorrow.

Regards

__

Speak tomorrow if your struggling to work it out?

Remember I am the one who had the good lunch! What did you have?

__

Just sent, see you at 1pm then.

Paul had, of course, not made the bank transfer. Everything he has mentioned about Nicky and payment limits is untrue.

‘Alan’:

No problem, Can you send the confirmation receipt so I can make necessary reports.

Kind Regards.

Alan Perkins

Paul:

Hi Alan

NW don't do reports anymore for businesses like us. Nicky just checks it in a couple of hours on the bank interface.

It's been like that for months which is why our bank charges are now lower.

Regards

Here Paul is pointing out a few key points, putting pressure on the scammer by questioning their knowledge.

‘Alan’:

That I understand clearly, Which form was the transfer made ? CHAPS, BACS or Faster payment ? I just need more details. Has our account be debited yet?

Kind Regards.

Alan Perkins

Paul:

Hi Alan

Fast payment of course and I will check when I get in the office at 1pm. NW are often a bit slow as against the Barclays account we use for the DDR 1989 venture.

As I said if they complain let's not do any business there again.

‘Alan’:

Paul, Kindly instruct Nicky to send the screenshot of the confirmation page on our bank interface.

Alan Perkins

The scammer is now bringing “Nicky” into the equation, using information that Paul gave them in an earlier post!

Paul:

You can see it on the screen yourself given your two metres away!

Here you can see Paul is playing around with the scammer, putting on the pressure and highlighting the fact that the scammer does not realise we have the luxury of an open plan office, where the management team sit alongside other members of staff.

‘Alan’

I am currently not on seat, Do you think I will bother you if I were ?

Alan Perkins

Anyone who knows Alan knows he wouldn’t respond in this way. It’s certainly a risky move considering Paul’s previous message.

Paul:

Hi Alan

Yep it's sent and the print of the screen shot is on your desk.

Where are you? At CCCP?

Happy now

‘Alan’:

Yes, Thanks.

Kind Regards.

Alan Perkins

Paul:

Dear "Alan"

Thank you for the pleasure of reading your emails over the last couple of days.

You have kindly provided a text book example to us demonstrating the perils of Corporate Phishing.

It’s likely that we will then use this thread of emails for the purposes of highlighting the dangers to our clients either in blogs and or an article in the local business press. Hence our thank you.

By the way you were identified as a fraudster based on your first email.

Kindest regards

Paul Mcgroary

Finance Director

SilverDisc Limited

PS If you would like to have you name and address sighted in the article we would be grateful for your contact details.

An excellent final email from Paul – safe to say the scammer didn’t reply!

How can businesses protect themselves from CEO Fraud?

It’s all very well being aware, but what’s lacking is the knowledge how to detect an attack like this. Here are a few tips:

  • Ensure all staff, not just finance teams, are well informed of not just the threat, but how to accurately spot the threat.
  • Have a system in place which allows staff to properly verify contact from their CEO or senior members of staff. This might involve having two points of contact to check legitimacy, or a direct phone number to the CEO.
  • Always review financial transactions to check for inconsistencies/errors, such as a misspelt company name.
  • Consider what information is publicly available about the business and whether it needs to be public.
  • Ensure computer systems are secure and that antivirus software is up to date.

At SilverDisc we are advocates for cyber security, and with so many potential threats out there in the online world, it has become increasingly important for businesses to stay alert and informed. Another prime example of these growing threats is ransomware, as proven by the NHS cyber-attack in May. You can find out more about this, as well as Alan’s recent radio appearance regarding cyber security, in Sam’s blog post, ‘Five Ways To Protect Your SME Against Ransomware’.

Free eBook For Online Retailers

Download our Navigating the Biggest Challenges for Online Retailers eBook now for insights into AI and Machine Learning, Personalisation, Automation, Voice Search, Big Data and more.

Download eBook
x

Like What You've Read?

Subscribe to our monthly newsletter to receive our latest blog posts and our take on the latest online marketing news