Tax & admin · 31 January 2018

What is CEO fraud and how can I identify it?

CEO fraud is gaining notoriety as a significant threat to small businesses
Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.

What is CEO fraud?

CEO fraud involves the impersonation of a senior company executive in order to divert payments for goods and services into a fraudulent bank account. Fraudsters will typically target a company’s finance department, either via email or over the phone.

As detailed in the 2017 Annual Fraud Indicator, CEO fraud is an increasingly prominent type of procurement fraud. As the procurement of goods and services can represent a high proportion of a firm’s expenditure often involving numerous individuals across different departments the risk of fraudulent activity is high.

According to the report, procurement fraud costs UK businesses 121.4bn every year, and with a reported 2, 370 per cent increase between January 2015 and December 2016 alone, CEO fraud is gaining notoriety.

Jim Gee, head of forensics and counter fraud services team at Crowe Clark Whitehill and author of the report, offered Business Advice readers a further explanation of this growing threat to small firms.

fraud occurs in every business irrespective of the sector or type. The question is not whether fraud is an issue, it is what type of fraud and how much is being lost, Gee explained.

cEO fraud has gained prominence over the last 18 months, cropping up repeatedly as an issue that affects small businesses. Fraudsters impersonating CEOs can be very convincing, hence why this type of approach is so effective.

CEO fraud in action

According to crime agency Action Fraud, the largest reported amount of money ever transferred by an employee to a fraudster was 18.5m.

The company, a global brand of healthcare products, remained anonymous. However, it emerged that a man impersonating a senior staff member phoned a financial controller in the firm’s Scotland office and requested funds to be transferred to accounts in Hong Kong, China and Tunisia. The employee was so duped that the transaction occurred despite several phone calls and emails occurring.

Outside of this extreme case, the average amount acquired by fraudsters via CEO fraud is believed to be around 35, 000.



Business fraud stories from two burned small businesses

With new research suggesting business fraud awareness is stagnating, two small company owners share their experiences of being stung by swindlers.


Typical tactics

the fraudsters perpetrating CEO fraud are often sophisticated criminals rather than amateurs trying their luck, Gee noted. They may have targeted the business over months, building up a picture of who works in the business, reporting lines and the individuals responsible for authorising payments.

Key business fraud stats

? 25 per cent proportion of small firms hit every year
? 18.9bn losses to small firms each year
? 36 per cent amount which don’t know who to call in event of invoice fraud
? 47 per cent amount which have not made any changes to prevent fraud

Even a company’s website could reveal names of legitimate suppliers and provide information which can be exploited by fraudsters. Malware also continues to be used to access internal email systems.

Gee added that fraudsters have been known to follow CEOs on social media channels, such as LinkedIn, to observe any posts suggesting the individual is not in the office, meaning automatic out of office? replies can be a dangerous giveaway. He warned that the agile operations of a small business, where it is more typical for a CEO to authorise or instruct payments, put such firms at a greater risk.

How to identify CEO fraud

With the lethal threat facing small firms now established, Dr Markus Jakobsson, chief scientist at cyber security firm Agari, outlined three potential warning signs that could save you from falling victim.

  1. Consider the sender
first of all, is this an email from somebody in power? And does it ask for help with something? Is it addressed only to you, or to the entire company? Scammers like to single out their victims. If they sent a scam email to everybody on your floor, somebody would say hey, this is no good, and you would all put the email in the spam folder.



Praseeda Nair is an impassioned advocate for women in leadership, and likes to profile business owners, advisors and experts in the field of entrepreneurship and management.

Legal Advice