What is CEO Fraud?

Email has long been a core tool for business communications, whether it was directed internally, towards the employees or externally, towards suppliers, clients and other businesses.

Being such a vital tool for communication, the email is often subject to cyber attacks from hackers trying to steal your company’s money.

You may have heard of spam, phishing and spoofing as email threats to your data and computer, but have you heard of CEO Fraud?

ceo-fraud2

Keep reading to find out what CEO Fraud is, discover 3 real-world examples and what to do to protect your company.

What is CEO Fraud?

FBI defines CEO Fraud as follows:

“A sophisticated scam that often targets employees with access to company finances and trick them using a variety of methods like social engineering and computer intrusions into making wire transfers to bank accounts thought to belong to trusted partners but instead belong to accounts controlled by the criminals themselves.” (source: fbi.gov)

This fraud is targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The scammers don’t discriminate: they target large corporations as well as small to medium sized companies.

This fraud originated in Nigeria but has spread throughout the world.

In the last year, FBI reported the loss of over $3.7 billion due to CEO Fraud.

How does CEO Fraud work?

The cybercriminals hack the email of an executive and use it to send email messages to a targeted employee working in the financial or accounting department. The impersonating message contains instructions to transfer funds to a specific bank account controlled by the scammer.

 

Why is this type of fraud so dangerous?

Using deception, the cybercriminals make the emails look credible and familiar. The employee doesn’t suspect it as being fake for a second. Because the scammers are leveraging the influence and authority of a top executive or CEO, this type of fraud came to be known as the CEO Fraud.

Here is a sample of an email designed to trick the targeted employee:

ceo-fraud source image: blog.trendmicro.com

3 real-world examples of CEO Fraud

  1. Etna Industrie, France

Etna Industrie employs 50 people and has been making industrial equipment on the outskirts of Paris for nearly 75 years. In 2016, the company became a victim of CEO Fraud. The company’s accountant received an email from her boss, Carole Gratzmuller announcing that she was buying a company in Cyprus. The email included instructions from Carole as to where to transfer the money. A total of $542,000 was transferred to foreign bank accounts: the banks held three of the wire transfers up, but $142,000 went through to the scammers. (Source: bbc.com)

  1. FACC Operations GmbH, Austria

FACC Operations GmbH is an Austrian company that produces various airplane parts for companies like Airbus and Boeing. In 2016, the company announced that it was the victim of a cyber fraud that targeted its financial accounting department. The financial damage was at $54 million. (Source: news.softpedia.com)

  1. Mattel, U.S.A.

Mattel, the well-known manufacturer of the Barbie doll has fallen victim to the CEO Fraud as well. In 2016, Mattel was pushing to increase its business in China and had a new CEO at the helm. An executive in the finance department received an email from the newly appointed CEO to wire $3 million for a vendor in China. Mattel has a double-check transfer system in place that each payment must go through. The payment checked out correctly and the executive wired the funds. Hours later she mentions the money transfer to the CEO who denies having sent such an email. Mattel quickly asked the help of the Chinese Police which was successful in recovering the money two days later. (Source: news.com.au)