This week is Charity Fraud Awareness Week (19th to 23rd October). To mark the event, SBRC seconded police officer Angela Brand has put together advice on various types of fraud to look out for, and what you need to do.
In addition to mandate fraud, which we discussed earlier this week, another type of fraud which is becoming more commonplace is CEO fraud. This is equally damaging for businesses and third sector organisations, causing significant annual financial losses.
CEO fraud occurs when an individual contacts the finance department of an organisation, assuming the identity of its CEO, and asks staff to immediately transfer money from a business account into another account, for a spurious reason. The money is then transferred from the business account into the fraudster's own bank account.
Questioning the CEO
Fraudsters rely on an employee’s reluctance to question the CEO of their business and, as with mandate fraud, the organisation will not realise that they have been the victim of a crime until the anomaly is highlighted in an audit, or the genuine CEO questions the transaction. The request can be made via telephone, or via e-mail.
Finding information online
Information regarding the CEO for any given company is freely available online and therefore it is extremely easy for fraudsters to identify the person whom they need to impersonate. They will also often check business networking sites and social media sites to gather further information on the individual, to help them appear more plausible to those they are targeting.
Raising awareness of this type of fraud, and adherence to company policies for financial transactions, should assist in reducing the likelihood of an organisation falling victim to CEO fraud.
The following are some helpful points to consider:
- Ensure that all members of staff in your organisation are aware that this type of fraud exists, and carry out regular fraud-prevention training
- Be cautious if someone claiming to be the CEO contacts you directly to ask you to carry out any form of urgent financial transaction. If such a request occurs, make attempts to verify the request with another member of the organisation, such as the CEO’s Personal Assistant or Staff Officer
- Implement a two-step authorisation process so that a senior member of staff, as well as the CEO, must approve any stand-alone financial transaction
- Complete regular financial audits and check for misspelt company names or other irregularities and immediately report them
- If you suspect you have fallen victim to fraud, contact Police Scotland immediately
If you think you’ve experienced a cyber-attack, please call our Incident Response helpline on: 01786 437 472.