CEO fraud number 3 on the list of corporate fraud

Floris van Veen Blog CEO fraud, executive phishing meaning, phishing, spoof, vpn

Company theft is number 1, non-competition and non-solicitation fraud is number 2 and this year (2022) CEO fraud – also known as executive phishing – has climbed to third place. But what is it actually?

This is what you need to know about CEO fraud

The boss emails you with an assignment. You have to transfer an amount of money to an unknown party. That is very normal in a company. But is it really so innocent? If you transfer money blindly because the boss asks you to, the entire company may become a victim of so-called CEO fraud. In CEO fraud, the boss often gives an order, for example, to pay an invoice with a considerable value, or to pay for an acquisition, for example. It is better to check with your boss for such large expenses, because before you do it again you are a victim of fraud.

What is CEO fraud?

It is an increasing problem in the Netherlands: CEO fraud. This is a type of fraud and scam where cyber criminals pretend to be the boss of the company where you work. They often use employee email accounts. For example by spoofing or hacking them. At the spoof the mail server settings are not secure enough, allowing external users to impersonate the company executive. If the boss's email turns out to be hacked, there's little you can do about it. Therefore, it is important to be careful when using public networks. For example, by encrypting network traffic with a VPN.

In CEO fraud, the scammer poses as a high-ranking executive. In small businesses, it's often about the boss. In larger companies, this usually involves the boss of the finance department. The employee receives an email from the Finance department to transfer money and make a transfer, without asking. In short, the employee has to transfer a lot of money to an unknown party. In other cases, no money is involved, but the cyber criminals are after trade secrets.

How do you recognize CEO fraud?

CEO fraud can sometimes be difficult to spot. Especially if the cyber criminals mimic the language of the executive. But in most cases the supervisor behaves in his e-mail slightly differently than usual. For example, he may place strong emphasis on his authority. He then emphasizes that he is in charge and you must do as he says. So you get an order to transfer a lot of money quickly.

The CEO will also say that it is a confidential assignment. You can't talk to anyone about it. Not with your colleagues and not with other managers. In addition, you will be informed in the email that you are important to the company and that someone has been specifically selected to fulfill the assignment. For example, because he has been with the company for so long, or because he made an impression.

In the e-mail it quickly becomes clear that all the burden is on your shoulders. It is entirely up to you whether that important acquisition is a fact or not. In this way, the employee experiences a lot of pressure. Usually the sender addresses are forged. For example, it is possible that the letter 'i' has been replaced with an 'l' and vice versa. The emails almost always state that speed is required, otherwise the deal will fail.

CEO fraud prevention

It is important to have this form of prevent fraud† Because both small and large companies suffer from it. Often the e-mail addresses are slightly different. So it is important to pay close attention whether the e-mail address is real comes from the manager. In addition, there is a good chance that the recipient's account number is incorrect. That is why it is wise to always inform your manager in the case of large amounts or sensitive information. Is this really a legitimate transaction?

Do you feel that something isn't right? Then don't do this transaction. Chances are you will have to deal with all kinds of excuses. The scammers often come up with all kinds of reasons why the payment must be made quickly and why normal procedures are sidetracked. Consult with your colleagues, especially if the e-mail states that you are not allowed to do so.

If it went wrong, we can of course also help with it research.

Less CEO fraud thanks to VPN

CEO fraud often happens after the scammers find all kinds of traces of employees and companies. You leave those traces by surfing the internet. That is why it is important to Virtual Private Network (VPN) to use. That way you can surf the internet anonymously. In addition, there are various providers that protect you against phishing. In this way, entrepreneurs can prevent their e-mail data from being stolen and misused for CEO fraud.

A VPN is a private network. All data you send is encrypted and sent through the tunnel. On the other hand, the VPN connection decrypts the request and forwards it. The answer is encrypted again by the tunnel, so that you receive it encrypted and cyber criminals cannot view it. Because a VPN is often located abroad, you can hide your location.