What is CEO Fraud?

what-is-ceo-fraud

Email has long been a core tool for business communications, whether it was directed internally, towards the employees or externally, towards suppliers, clients and other businesses.

Being such a vital tool for communication, the email is often subject to cyber attacks from hackers trying to steal your company’s money.

You may have heard of spam, phishing and spoofing as email threats to your data and computer, but have you heard of CEO Fraud?

ceo-fraud2

Keep reading to find out what CEO Fraud is, discover 3 real-world examples and what to do to protect your company.

What is CEO Fraud?

FBI defines CEO Fraud as follows:

“A sophisticated scam that often targets employees with access to company finances and trick them using a variety of methods like social engineering and computer intrusions into making wire transfers to bank accounts thought to belong to trusted partners but instead belong to accounts controlled by the criminals themselves.” (source: fbi.gov)

This fraud is targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The scammers don’t discriminate: they target large corporations as well as small to medium sized companies.

This fraud originated in Nigeria but has spread throughout the world.

[bctt tweet=”In the last year, FBI reported the loss of over $3.7 billion due to CEO Fraud.” username=”brand_minds”]

How does CEO Fraud work?

The cybercriminals hack the email of an executive and use it to send email messages to a targeted employee working in the financial or accounting department. The impersonating message contains instructions to transfer funds to a specific bank account controlled by the scammer.

Why is this type of fraud so dangerous?

Using deception, the cybercriminals make the emails look credible and familiar. The employee doesn’t suspect it as being fake for a second. Because the scammers are leveraging the influence and authority of a top executive or CEO, this type of fraud came to be known as the CEO Fraud.

Here is a sample of an email designed to trick the targeted employee:

ceo-fraud

source image: blog.trendmicro.com

3 real-world examples of CEO Fraud

  1. Etna Industrie, France

Etna Industrie employs 50 people and has been making industrial equipment on the outskirts of Paris for nearly 75 years. In 2016, the company became a victim of CEO Fraud.

The company’s accountant received an email from her boss, Carole Gratzmuller announcing that she was buying a company in Cyprus. The email included instructions from Carole as to where to transfer the money.

A total of $542,000 was transferred to foreign bank accounts: the banks held three of the wire transfers up, but $142,000 went through to the scammers. (Source: bbc.com)

  1. FACC Operations GmbH, Austria

FACC Operations GmbH is an Austrian company that produces various airplane parts for companies like Airbus and Boeing.

In 2016, the company announced that it was the victim of a cyber fraud that targeted its financial accounting department.

The financial damage was at $54 million. (Source: news.softpedia.com)

  1. Mattel, U.S.A.

Mattel, the well-known manufacturer of the Barbie doll has fallen victim to the CEO Fraud as well.

In 2016, Mattel was pushing to increase its business in China and had a new CEO at the helm. An executive in the finance department received an email from the newly appointed CEO to wire $3 million for a vendor in China. Mattel has a double-check transfer system in place that each payment must go through.

The payment checked out correctly and the executive wired the funds. Hours later she mentions the money transfer to the CEO who denies having sent such an email.

Mattel quickly asked the help of the Chinese Police which was successful in recovering the money two days later. (Source: news.com.au)

Expert’s Opinion

We talked about CEO Fraud to Mihaela Paun, Bitdefender’s Vice President of Consumer Sales and Marketing.

Here are her recommendations:

“Two major factors converge to the success of CEO fraud: the social component that prompts the employee to comply with the request under the hierarchic pressure and the amount of money that cyber-criminals can make in one shot.

This is why advanced security measures should be complemented by strong internal policies at all times. On the technology side, several aspects financial departments (or any department that works with payments) should take into account are the use of two-factor authentication mechanisms and close monitoring of internal communications impersonating executives. Spam traps can be trained to raise alerts with IT security whenever the sender’s name does not match the associated company e-mail address. E-mail coming from “typosquatted” (impersonating) domain names should be discarded immediately by the antispam filer as well.

On the human side, financial departments should implement strong payment policies. Payments should not be made in the absence of an agreement or purchase order associated with the invoice. The purchase order should clearly state the beneficiary, the maximum amount of money and the bank account number for the payments to be made to. For large amounts of money, extra approvals should be formalized and double checked offline such as calling a trusted phone number.

Security of transactions should be an ongoing effort and every employee should be trained on how to spot phishing attempts, as well as how to report such attempts to the IT department.”

How is your company protecting itself from CEO fraud?

Ad Fraud Cut by 83 Percent in TAG Certified Distribution Channels

A new study from The 614 Group has analyzed the impact of the Trustworthy Accountability Group (TAG)’s efforts on addressing fraud in the digital advertising supply chain.

Moreover, the level of fraud was lower by more than 83 percent compared to the industry average.  The study looked at more than 6.5 billion display and video impressions in campaigns run through TAG Certified channels by three major media agencies: GroupM, IPG/Mediabrands and Horizon Media. Analyses by verification technology providers have found the levels of Invalid Traffic (IVT) in digital advertising average 8.83 percent for display inventory in North America (and rise to 12.03 percent when video inventory is included).

The Trustworthy Accountability Group (TAG) is the leading global certification program fighting criminal activity and increasing trust in the digital advertising industry. Created by the industry’s top trade organizations, TAG’s mission is to eliminate fraudulent traffic, combat malware, prevent Internet piracy, and promote greater transparency in digital advertising. TAG advances those initiatives by bringing companies across the digital advertising supply chain together to set the highest standards. TAG is the first and only registered Information Sharing and Analysis Organization (ISAO) for the digital advertising industry.

Source: Campaign UK

The 614 Group examined comparable rates of fraud for campaigns run through TAG Certified Channels in which multiple entities involved in the transaction – such as the media agency, buy-side platform, sell-side platform and/or publisher – had achieved the TAG Certified Against Fraud Seal.

“This study validates TAG’s approach and sets a clear path for marketers that want to protect their brands and ad spend from fraud,” said Mike Zaneis, President and CEO of TAG.“Fraud thrives in the dark crevices of the supply chain, so we knew that we had to get the legitimate participants in the supply chain to adopt the same high standards for this effort to be successful. When the industry links its arms and stands together, there is no place left for the criminals to hide.”

“The 614 Group have been leaders in promoting brand safety best practices and supporting the creation of standards and guidelines. Fraud has proven to be one of the most intractable issues in this area over the years,” said Rob Rasko, Managing Partner of The 614 Group.  “We are pleased to release this groundbreaking research on the impact of TAG’s efforts to address the IVT challenge, and we believe the quantitative data combined with the timely first-hand analysis from the agency leaders who deal with fraud on a daily basis offer compelling insights on the impact of the TAG program.”

“The results of this study are extraordinary and demonstrate that the ‘war on fraud’ is winnable,” said Bob Liodice, CEO of the Association of National Advertisers. “Marketers must recognize that fraud, piracy and malware rob brands of their business building power. By joining and working with TAG — and its demonstrated process for success — brands can energize their marketing investments and elevate their potential for growth. I encourage all marketers and the entire community to engage this effective fraud fighting institution.”

“Fighting digital ad fraud is a centerpiece of the IAB’s and IAB Tech Lab’s work, and we are delighted that those efforts are paying dividends,” said Randall Rothenberg, President and CEO, Interactive Advertising Bureau. “By making TAG Registration mandatory for all IAB members and collaborating with TAG on our technical standards, we are assuring that the highest anti-fraud standards are extended across the industry, so advertisers will know that their money is well spent.”

× WhatsApp Help