Invoicing

What is CEO fraud and how can I identify it?

Praseeda Nair | 31 January 2018 | 6 years ago

CEO fraud is gaining notoriety as a significant threat to small businesses
Business Advice unpicks one of the growing threats to small companies, asking what is CEO fraud, before consulting two experts on the typical tactics employed by scammers and how owners can protect their firm.

What is CEO fraud?

CEO fraud involves the impersonation of a senior company executive in order to divert payments for goods and services into a fraudulent bank account. Fraudsters will typically target a company’s finance department, either via email or over the phone.

As detailed in the 2017 Annual Fraud Indicator, CEO fraud is an increasingly prominent type of procurement fraud. As the procurement of goods and services can represent a high proportion of a firm’s expenditure often involving numerous individuals across different departments the risk of fraudulent activity is high.

According to the report, procurement fraud costs UK businesses 121.4bn every year, and with a reported 2, 370 per cent increase between January 2015 and December 2016 alone, CEO fraud is gaining notoriety.

Jim Gee, head of forensics and counter fraud services team at Crowe Clark Whitehill and author of the report, offered Business Advice readers a further explanation of this growing threat to small firms.

fraud occurs in every business irrespective of the sector or type. The question is not whether fraud is an issue, it is what type of fraud and how much is being lost, Gee explained.

cEO fraud has gained prominence over the last 18 months, cropping up repeatedly as an issue that affects small businesses. Fraudsters impersonating CEOs can be very convincing, hence why this type of approach is so effective.

CEO fraud in action

According to crime agency Action Fraud, the largest reported amount of money ever transferred by an employee to a fraudster was 18.5m.

The company, a global brand of healthcare products, remained anonymous. However, it emerged that a man impersonating a senior staff member phoned a financial controller in the firm’s Scotland office and requested funds to be transferred to accounts in Hong Kong, China and Tunisia. The employee was so duped that the transaction occurred despite several phone calls and emails occurring.

Outside of this extreme case, the average amount acquired by fraudsters via CEO fraud is believed to be around 35, 000.

__________________________________________________________________________________

 

Business fraud stories from two burned small businesses

With new research suggesting business fraud awareness is stagnating, two small company owners share their experiences of being stung by swindlers.

__________________________________________________________________________________

Typical tactics

the fraudsters perpetrating CEO fraud are often sophisticated criminals rather than amateurs trying their luck, Gee noted. They may have targeted the business over months, building up a picture of who works in the business, reporting lines and the individuals responsible for authorising payments.

Key business fraud stats

? 25 per cent proportion of small firms hit every year
? 18.9bn losses to small firms each year
? 36 per cent amount which don’t know who to call in event of invoice fraud
? 47 per cent amount which have not made any changes to prevent fraud

Even a company’s website could reveal names of legitimate suppliers and provide information which can be exploited by fraudsters. Malware also continues to be used to access internal email systems.

Gee added that fraudsters have been known to follow CEOs on social media channels, such as LinkedIn, to observe any posts suggesting the individual is not in the office, meaning automatic out of office? replies can be a dangerous giveaway. He warned that the agile operations of a small business, where it is more typical for a CEO to authorise or instruct payments, put such firms at a greater risk.

How to identify CEO fraud

With the lethal threat facing small firms now established, Dr Markus Jakobsson, chief scientist at cyber security firm Agari, outlined three potential warning signs that could save you from falling victim.

  1. Consider the sender
first of all, is this an email from somebody in power? And does it ask for help with something? Is it addressed only to you, or to the entire company? Scammers like to single out their victims. If they sent a scam email to everybody on your floor, somebody would say hey, this is no good, and you would all put the email in the spam folder.

if the email asks for a wire transfer, or for help paying an overdue invoice, it is probably bad. After all, does your CEO normally send such requests? Well, scammers do. Or, if you are in HR, maybe the email asks for employee data. Very fishy.

  1. Look at the email address
not the name in front of it, but the email. Is that your boss? normal email address? Or is it a Gmail address, an address from ceo123.com, or just something you have not seen before?

‘some 94 per cent of all CEO scams involve a deceptive display name that’s the part of the email that says the sender’s name, which is displayed to you before you even open the email and an email address that does not match what you normally see from this person.

  1. Always ask
If you are not sure, don’t be embarrassed to ask. Send a copy to your admin. Walk over to your boss and ask did you just ask me to pay a late invoice? Four eyes are better than two.

How can I prevent CEO fraud?

Gaining a full awareness of the warning signs is the first step in preventing CEO fraud. To ensure the strongest defence, Dr Jakobsson advised business owners to put the right security software in place and look at internal processes, such as staff awareness.

Meanwhile, Gee urged all business owners to prepare to be targeted amid the UK’s fraud epidemic.

to reduce vulnerability to CEO fraud, small business owners should put time aside to consider their fraud vulnerabilities, who in the company is responsible for countering fraud on an on-going basis, and whether there is sufficient expertise within the organisation to adequately protect the business, he advised.

‘spending on professional advice may seem like a luxury for many businesses, but such spending should be considered an investment compared to the potential financial, legal and reputational costs associated with fraud.?

If you’ve been a victim of fraud then Business Advice would like to hear your story. Please get in touch by emailing us on editors@businessadvice.co.uk.

The story of a small business defrauded out of 7, 000 and the lessons learned

Topic

Invoicing

Related Topics

Should I charge my clients VAT?
15 April 2021

Should I charge my clients VAT?

Read More →
Freelancers – How to get paid what you are owed,  on time
27 October 2020

Freelancers – How to get paid what you are owed, on time

Read More →
What is a PO number and why is it important?
2 October 2020

What is a PO number and why is it important?

Read More →
Worst offenders to be named and shamed under new late payment system
8 January 2019

Worst offenders to be named and shamed under new late payment system

Read More →
Late payments scandal: Average small business owed 24, 841 in unpaid invoices
28 November 2018

Late payments scandal: Average small business owed 24, 841 in unpaid invoices

Read More →
Freelancer’s guide to invoicing: Everything you need to get paid
26 November 2018

Freelancer’s guide to invoicing: Everything you need to get paid

Read More →

If you enjoy reading our articles,
why not sign up for our newsletter?

We commit to just delivering high-quality material that is specially crafted for our audience.

Join Our Newsletter