09 Nov 2020

What is CEO fraud and how can we avoid it?

If you receive an urgent transfer request from a senior colleague, beware: your business might be at risk. 

What is CEO fraud?

CEO fraud is a type of scam where a CEO, director, or another member of staff is impersonated by fraudsters. Their aim is to trick people into thinking a request is genuine because it came from a senior colleague.

 

Usually, fraudsters use this type of social engineering to ask people to change their payroll details, pay an invoice to a new account, purchase gift vouchers “for employees” and send them the codes or divulge sensitive data about the company, clients or employees.

 

This type of fraud is on the rise. As people work from home more often, they might have fewer opportunities to check with colleagues whether an email is genuine. 

How can you spot a CEO scam?

1. Check for signs of impersonation

If you receive an unexpected email, pay close attention to the email domain, and be cautious if it originated outside your organisation. However, bear in mind that fraudsters have the technology to spoof email addresses, too.

2. Verify all payment requests

Check directly if the request was genuine, preferably over the phone or video call. Do not call back on a number in the body of an email, as fraudsters can manipulate this. Sourcing a number from your corporate directory is ideal.

3. Think twice before sharing data

Be careful about sharing sensitive data with colleagues. Always verify that the request is genuine by talking to the person who requested the information and making sure they have the necessary permission to view it. 

How can you protect your business from CEO scams?

Talk about it

Make sure employees know about CEO fraud, that they should approach senior staff to verify payment requests, and are aware of the types of requests they may receive in their roles. 

Have a process for payments

Implement four or six-eye checks on payments and make sure that everyone checks for irregularities before instructing a payment or changing bank details.

Implement firewall controls

Effective firewalls block or highlight emails that originate from outside your organisation, making it easier for people to notice that something is not right.

UK fraud reporting hotline:

Channel Islands reporting hotline:

Discover extraordinary solutions from Investec for individuals, businesses and intermediaries

Private clients

From private banking to wealth management and investment services, you can receive tailored financial solutions, whether you are aiming to actively grow your wealth or seek optimal returns on your capital. We can help fuel your success by building a relationship with you for the long term.

Businesses

Access a comprehensive range of solutions spanning capital, advice and treasury risk management. As an international corporate and investment banking business, we work with growth-orientated companies, institutions and private equity funds.

Intermediaries

Whatever your clients’ goals and ambitions, our flexible range of intuitive, market-leading products and services help you deliver on their needs, enhance your reputation and reduce your admin burden, freeing up more time for you to focus on financial planning.