“CEO fraud” is when a perpetrator instructs someone in the company to make a payment to a (typically foreign) account on behalf of the head of the company. The instruction is usually sent from a fake e-mail address. The reasons given for the transaction vary, but it is usually an apparently urgent and extremely confidential payment.
The con men know exactly how to exert pressure on the employee in question to bypass the official processes in place and make the payment.
It is almost impossible to prevent such fraudulent e-mails from being sent. The fraudsters conceal their identity and where they are from. They can also change their address at any time if necessary.
The best recommendation for preventing such incidents is therefore to raise staff awareness, particularly in departments that are likely to be targeted by such scams (e.g. accounts, finance).
- Never give out information if you receive an e-mail from an unusual or dubious source. You should also never follow instructions from such sources, especially if you are put under pressure.
- It is important that companies control any information concerning their own company and employees that is available online.
- Processes should be defined, and all employees should follow them at all times. For example, it is worth specifying a two-person integrity principle, with collective signatures, for larger transfers.