The summer months are a favourite time for cybercriminals. With colleagues – including members of senior management – on holiday or working from home, internal communication is often less fluid. Fraudsters take advantage of this to impersonate a CEO or CFO and send urgent payment requests. The temporary absence of a colleague who would normally approve or verify the request makes the fraud more difficult to detect. CEO fraud is a well-planned scam that can affect any organisation, especially during the holiday season.
How does it work?
- Identification: the scammer gathers information about the company and its employees.
- Contact: they send an email or chat message, or make a call, pretending to be a superior.
- Request: using an urgent and confidential tone, they ask for a transfer or information.
- Action: under pressure, the employee makes a transfer or discloses important data.
Cybercriminals often succeed because the message appears to come from a superior and uses words such as ‘urgent’ and ‘confidential’. What's more, since the introduction of remote working, it has become more difficult for employees to verify everything quickly when they are working remotely.
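The cues described above (a superior's name, ‘urgent’ and ‘confidential’ wording, a transfer request) can also be checked automatically before a message reaches the person who pays. The following is an added example, not part of the original article: the company domain, executive names, request vocabulary, the Reply-To check and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"               # assumed internal mail domain
EXECUTIVES = {"alice martin", "bob dupont"}  # constructed executive names
PRESSURE = re.compile(r"\b(urgent|confidential)\b", re.I)           # words the article names
REQUEST = re.compile(r"\b(transfer|payment|bank details)\b", re.I)  # assumed request vocabulary

def domain(addr):
    return addr.rpartition("@")[2].lower()

def findings(raw):
    """Return the set of CEO-fraud cues found in one raw e-mail message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Assumes unencoded text parts, as in the constructed samples below.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = msg.get("Subject", "") + "\n" + body
    cues = set()
    if name.strip().lower() in EXECUTIVES and domain(sender) != COMPANY_DOMAIN:
        cues.add("exec_name_external_address")
    if reply_to and domain(reply_to) != domain(sender):
        cues.add("reply_to_mismatch")
    if PRESSURE.search(text):
        cues.add("pressure_wording")
    if REQUEST.search(text):
        cues.add("transfer_request")
    return cues

def looks_like_ceo_fraud(raw):
    """Flag a message that pairs an identity cue with a transfer request."""
    cues = findings(raw)
    identity = cues & {"exec_name_external_address", "reply_to_mismatch"}
    return bool(identity) and "transfer_request" in cues

# Constructed sample messages (not real traffic).
SPOOFED = """From: Alice Martin <alice.martin@examp1e-mail.test>
Reply-To: a.martin@freemail.test
Subject: Urgent and confidential

Please make a transfer of 48,000 EUR today and keep this between us.
"""
LEGIT = """From: Bob Dupont <bob.dupont@example.com>
Subject: Q3 budget review

Slides for Thursday are on the shared drive.
"""
```

A message that is not flagged here still goes through the normal validation rules for transfers, since a request sent from a genuine internal account shows no identity cue.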
How can you protect yourself?
- Be vigilant. Learn how to spot fake emails or suspicious messages.
- Follow the validation rules and procedures for all requests for transfers or sensitive data.
- Work in a secure environment, even when working remotely. Use a VPN, choose strong passwords and enable two-factor authentication (2FA).
What should you do if you fall victim to a scam?
- Report the incident immediately to your IT or security team.
- Alert your colleagues that fraudulent messages are circulating.
- Change your passwords if any information has been shared.
- Contact your bank if a transfer has been made and file a complaint.