Security for payments is becoming stronger all the time. So criminals have stopped trying to hack computers as much, and are instead trying to exploit employee trust.
How the criminals operate
They figure out the authorisations for signing transactions
The fraudster pretends to be an auditor or a person of authority in your company.
He/she approaches various employees by e-mail or telephone and questions them about the signing powers of employees.
They contact an employee who is authorised to sign for large amounts
The fraudster pretends to be the CEO, CFO or another person of trust in your company. Under the pretence that it involves the acquisition of a company or a tax audit, the fraudster asks the employee to carry out a large, urgent transaction in secret, in most cases to a foreign account.
They persuade the employee to carry out the transaction
If the employee has doubts, the fraudster pulls rank or uses flattery and starts dropping names of important people in order to put the employee under pressure. If the employee executes the transaction, the fraud is a success.
Protect your company against CEO fraud
- Limit the individual signing powers of a single employee. Make it a requirement that transfers above a set amount are signed by two or more people.
- Do not respond to questions from strangers trying to find out who makes payments in your company.
- Do not act based on an e-mail or telephone request, but ask for a personal meeting. In any case, contact the person making the call from a known, fixed number.
- Invest in a central support centre/point of contact where employees can report suspicious phone calls and e-mails.
- Provide a sufficient amount of information to your employees using the Cyber Security KIT for companies. This KIT contains material (such as posters, presentations, scam e-mails)