They pretend to be your CEO
CEO/Business Email Compromise (BEC) fraud occurs when an employee authorised to make payments is tricked into paying a fake invoice or making an unauthorised transfer out of the business account.
How does it work?
The method is based on an employee’s eagerness to quickly carry out tasks when they are specifically requested to do so by senior management. The fraudsters appear to have considerable knowledge about the organisation and the emails appear very convincing.
What are the warning signs?
- Direct contact by a senior official through an unsolicited email or call.
- Request for absolute confidentiality.
- Pressure and sense of urgency.
- Unusual request in contradiction with internal procedures.
- Threats or unusual flattery and/or promises of reward.
What can you do?
As a company
- Be aware of the risks and ensure that employees are informed and aware too;
- Encourage your staff to approach payment requests with caution;
- Implement internal protocols concerning payments;
- Implement a procedure to verify the legitimacy of payment requests received by email;
- Establish reporting routines for managing fraud;
- Review information posted on your company website, restrict information and show caution with regard to social media;
- Upgrade and update technical security;
- Always contact the police in case of fraud attempts, even if you did not fall victim to the scam.
As an employee
- Strictly apply the security procedures in place for payments and procurement. Do not skip any steps and do not give in to pressure;
- Always carefully check email addresses when dealing with sensitive information/money transfers. Fraudsters often use copycat emails where only one character differs from the original;
- If you have doubts about a transfer order, consult a competent colleague, even if you were asked to use discretion;
- Never open suspicious links or attachments received by email. Be particularly careful when checking your personal mailboxes on the company’s computers;
- Restrict information and show caution with regard to social media;
- Avoid sharing information on company hierarchy, security or procedures;
- If you receive a suspicious email or call, always inform your IT department.
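
The address check recommended above (copycat emails where only one character differs from the original) can be automated at the mail gateway or in a finance mailbox rule. The following is an added example, not part of the original guidance; the domain `acme-corp.example`, the sample headers and all function names are assumptions made for illustration. It goes slightly beyond the single-character case by also treating two swapped adjacent characters as a copycat.

```python
from email.utils import parseaddr

# Assumption: the organisation's own mail domain(s); constructed for this example.
TRUSTED_DOMAINS = {"acme-corp.example"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_domain) for the address in a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if "@" not in addr or not domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if osa_distance(domain, good) <= 1:
            return ("lookalike", good)  # copycat spelling: hold the request
    return ("external", None)

# Constructed sample headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@acme-corp.example>",   # genuine domain
    "Jane Doe <jane.doe@acme-c0rp.example>",   # 'o' replaced by '0'
    "Jane Doe <jane.doe@acme-crop.example>",   # 'o' and 'r' swapped
    "Jane Doe <jane.doe@acme-corps.example>",  # extra 's'
    "Billing <billing@supplier.example>",      # unrelated external sender
]

def flag_lookalikes(headers):
    """Return the headers whose sender domain imitates a trusted domain."""
    return [h for h in headers if classify_sender(h)[0] == "lookalike"]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header), header)
```

This check looks only at how the sender's domain is spelled, so a "trusted" verdict does not replace the payment verification procedure.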