CEO fraud: high risk of fraud for companies

In this scam, perpetrators try to manipulate people in companies who are authorized to make decisions.

Fraudsters in NRW stole almost seven million euros last year with the "CEO fraud" scam. The number of cases more than doubled from 115 cases in 2016 to 243 cases in 2017. The trend is continuing in the first quarter of 2018.

While some of the crimes in 2016 and part of 2017 were directed against corporations and large international companies, since mid-2017 the perpetrators have tended to target small companies with high turnover. It can be assumed that these companies are the focus of the perpetrators because they generally do not have a well-developed compliance management system or other professional protection mechanisms in place. According to the latest study by auditing firm PricewaterhouseCoopers and Martin Luther University Halle-Wittenberg, 40 percent of the companies surveyed stated that they had been victims of attempted CEO fraud. In five percent of companies, the perpetrators were successful.

The scam

In the "CEO fraud" scam, perpetrators attempt to manipulate decision-makers in companies into transferring large sums of money abroad. The perpetrators pretend that the order comes directly from the head of the company (managing director or board member = Chief Executive Officer = CEO). This is a variant of so-called social engineering, in which the "human vulnerability" is exploited.

Sophisticated approach

The perpetrators usually proceed very skillfully by first obtaining as much information as possible about the company and its structures. The perpetrators focus on details of business partners and future investments, email contact details or information on the company's employees in social networks.

Well-organized perpetrators

With this information, the well-organized perpetrators can, for example, convincingly present themselves as the managing director or authorized decision-maker of a company. Through multiple emails and phone calls, accountants or other decision-makers in a company are tricked into believing that an urgent and secret money transfer needs to be carried out quickly and inconspicuously. The perpetrators often manage to build up a great deal of psychological pressure. They regularly succeed in persuading even experienced employees to transfer large sums of money. The damage now amounts to several million euros.

The police advise:

  • Sensitize your employees to this phenomenon and train them regularly
  • Be aware of what information about your company is public
  • Review your absence policies and internal control mechanisms
  • In the case of unusual payment instructions, controls should be put in place before the payment is made:
    • Check the email carefully for the sender address and correct spelling
    • Verify the payment request with the supposed client by calling back or making a written enquiry
    • Inform your management or superior
  • If a transaction has already taken place, you need to act quickly. Inform your financial institution and the police immediately
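The sender-address check from the list above can be partly automated before a payment request reaches accounting. The following is an added example, not part of the police advisory; the company domain, the executive names and the sample message are constructed assumptions, and the Reply-To comparison goes one step beyond the spelling check named in the list.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company's own mail domain and the
# names of people allowed to authorise payments (all values constructed).
OWN_DOMAIN = "example-gmbh.de"
EXECUTIVES = {"maria muster", "jan beispiel"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_findings(raw_message: str) -> list[str]:
    """Return reasons why the sender of a message deserves a call-back."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != OWN_DOMAIN:
        if name.strip().lower() in EXECUTIVES:
            findings.append("executive display name on external address")
        if 0 < edit_distance(domain, OWN_DOMAIN) <= 2:
            findings.append("sender domain is a near-miss of own domain")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To points to a different domain")
    return findings


# Constructed sample: the domain is one character off ("examp1e").
SAMPLE = (
    "From: Maria Muster <m.muster@examp1e-gmbh.de>\n"
    "Reply-To: m.muster@mail-service.example\n"
    "Subject: Urgent and confidential transfer\n\n"
    "Please arrange the payment today.\n"
)

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE):
        print("CHECK:", finding)
```

A finding here is a reason to verify the request by calling back on a known number; an empty result does not replace that verification.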

If you notice anything unusual, contact your local police station or the state criminal investigation department.

In urgent cases: Police emergency number 110