Businesses in the United Kingdom Targeted By “CEO Fraud”
By Paul Liu
Wednesday, November 23rd, 2016
Businesses around the world, and especially in the UK, have been targeted by a new type of high-tech fraud in recent months. Dubbed “CEO Fraud” (or “President Fraud”), the scam has already cost global businesses over 2 billion dollars (£1.43 billion) in the last 2 years. What’s worse, the frequency of attacks is increasing: a big portion of that sum was stolen in the last six months alone. The severity of the problem has forced the FBI and Action Fraud (the United Kingdom’s national fraud and cyber-crime reporting division) into action and prompted them to issue advisories against the scam.
According to details published by the FBI, CEO Fraud originated in 2013 and has affected more than 12,000 businesses around the world. While companies lost 1.2 billion dollars to the scam between late 2013 and mid-2015, another 800 million dollars were stolen in the last six months alone. The average loss for a company was around £35,000, but one firm recently lost around £18.5 million to the fraud. There have also been reports that some companies have been deceived into sending as much as 90 million dollars to offshore bank accounts controlled by the scammers. Recovery of the stolen money is equally dismal: only £1 million out of the stolen £32 million has been recovered by the police in Britain.
The scam usually starts with the hacking of a CEO’s email account or an attack on a company’s email servers. In some cases, the hackers register lookalike domain names from which to send emails, and in rare cases they have used public email services (GMail and Yahoo Mail) to carry out their attacks. Once the attackers have control over the company’s email servers, they send an email that appears to come from the CEO (or a director) to the Finance Department, requesting an urgent payment of £10,000 for an item or a deal. After the payment has been made, the attackers immediately transfer the money to offshore accounts and close down the account to which the money was first transferred. According to the FBI, the money stolen via the scam has been traced to over 108 countries (with a majority being in Asia and Africa), making the job of law enforcement agencies even more difficult.
Unlike other scams, the attackers behind “CEO Fraud” are highly sophisticated and organized. They not only infiltrate a company’s infrastructure; they also take time to study the CEO and directors through their social media profiles and to understand their activities, communication style, and travel and purchasing plans. This background research helps the attackers write emails that appear totally authentic and do not raise any red flags within the Finance department.
Given the severity of the scam, the FBI and Action Fraud have advised employees in Accounts or Finance departments to double check payments, especially when they involve transferring a large amount of money. Businesses can also take extra precautions (like setting up dedicated IPs for their email servers) to remain safe from these types of scams. Action Fraud has also advised businesses to increase awareness of “CEO Fraud” so that they do not become victims of the scam.
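Two of the sender patterns described above, lookalike domains and public email services carrying an executive's name, can be screened for on inbound mail before a payment request reaches Finance. The following is an added example, not code from the FBI or Action Fraud advisories; the company domain, executive name, keyword list and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# All values below are assumptions made up for this example.
COMPANY_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith"}                  # display names of CEO and directors
PUBLIC_MAIL = {"gmail.com", "yahoo.com"}     # public services named in the article
PAYMENT_WORDS = ("urgent", "payment", "transfer")
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain):
    """True when domain is not ours but is visually or textually close to it."""
    if domain == COMPANY_DOMAIN:
        return False
    folded = domain.translate(DIGIT_SWAPS).replace("rn", "m")
    return folded == COMPANY_DOMAIN or edit_distance(domain, COMPANY_DOMAIN) <= 2

def check_message(raw):
    """Return the list of findings for one raw inbound message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if is_lookalike(domain):
        findings.append("lookalike-domain")
    if name.lower() in EXECUTIVES and domain in PUBLIC_MAIL:
        findings.append("executive-name-on-public-mail")
    # Payment wording only matters once the sender already looks wrong.
    text = f"{msg['Subject'] or ''} {msg.get_payload()}".lower()
    if findings and any(w in text for w in PAYMENT_WORDS):
        findings.append("payment-request")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = 'From: "Jane Smith" <jane.smith@examp1e.co.uk>\nSubject: Urgent\n\nPlease transfer £10,000 today.\n'
FREEMAIL = 'From: Jane Smith <jane.smith.ceo@gmail.com>\nSubject: Deal\n\nUrgent payment needed.\n'
GENUINE = 'From: Jane Smith <jane.smith@example.co.uk>\nSubject: Invoice\n\nPayment run is on Friday.\n'

if __name__ == "__main__":
    for sample in (LOOKALIKE, FREEMAIL, GENUINE):
        print(check_message(sample))
```

A message sent from a genuinely compromised CEO mailbox, the first vector described above, passes all of these checks, which is why the advice to double check large payments still applies.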