From Cyprus Police
CEO fraud or fraud with corporate email
CEO scam or corporate email fraud is called a fraud where the scamper who is a high-ranking executive of a business
deceives an employee of another company who is authorized to make payments to pay a fake invoice or to make an
unauthorized credit transfer from the company's business account.
deceives an employee of another company who is authorized to make payments to pay a fake invoice or to make an
unauthorized credit transfer from the company's business account.
How does it work;
The fraudster invites or sends emails to a senior executive of the company (eg, General Manager or Chief Financial
Officer).
Officer).
Usually, through this communication, the fraudster uses the following techniques:
- He shows sufficient knowledge of the internal structure and organization of the business.
- Asks for an emergency payment.
- It usually uses terms and expressions such as "confidentiality", "business trusted", "I am not currently available".
- Refers to a "sensitive" business situation (eg tax audit, merger, acquisition).
- The request often involves cross-border payments to banks located outside Europe.
- The employee transfers the money to an account held by the fraudster.
- Instructions for the process may be given later through a third person or e-mail.
- They ask the victim / employee of the business not to follow the usual authorization procedures for payment.
- He shows sufficient knowledge of the internal structure and organization of the business.
- Asks for an emergency payment.
- It usually uses terms and expressions such as "confidentiality", "business trusted", "I am not currently available".
- Refers to a "sensitive" business situation (eg tax audit, merger, acquisition).
- The request often involves cross-border payments to banks located outside Europe.
- The employee transfers the money to an account held by the fraudster.
- Instructions for the process may be given later through a third person or e-mail.
- They ask the victim / employee of the business not to follow the usual authorization procedures for payment.
What are the indications?
Although we should always be careful about our transactions, there are some indications that we need to take into
account in order to suspect us that this communication is suspicious and likely to be a scam.
Although we should always be careful about our transactions, there are some indications that we need to take into
account in order to suspect us that this communication is suspicious and likely to be a scam.
These are:
- Unannounced / unannounced telephone call or e-mail
- Direct communication with a senior officer of the business you usually do not communicate with
- Request for absolute confidentiality
- Exercise of pressure on the urgency of the request
- Unusual request contrary to internal procedures Approval
- Threats or unusual flattery / reward promises
- Unannounced / unannounced telephone call or e-mail
- Direct communication with a senior officer of the business you usually do not communicate with
- Request for absolute confidentiality
- Exercise of pressure on the urgency of the request
- Unusual request contrary to internal procedures Approval
- Threats or unusual flattery / reward promises
What can you do;
To guard against such forms of fraud you should:
To guard against such forms of fraud you should:
As a business: - Know the risks and make sure that your employees are also fully informed.
- Encourage your staff to approach requests for paying with care.
- Apply internal procedures for making payments.
- Apply a procedure to verify the legitimacy of payment requests received via e-mail.
- Establish reporting procedures for managing fraud cases.
- Check the information posted on your business website, restrict information and pay close attention to social
media tools.
- Upgrade and update your security technical software.
- Always contact the Police in cases of attempted fraud, even if you are not the victim of fraud.
- Encourage your staff to approach requests for paying with care.
- Apply internal procedures for making payments.
- Apply a procedure to verify the legitimacy of payment requests received via e-mail.
- Establish reporting procedures for managing fraud cases.
- Check the information posted on your business website, restrict information and pay close attention to social
media tools.
- Upgrade and update your security technical software.
- Always contact the Police in cases of attempted fraud, even if you are not the victim of fraud.
As a worker:
- Apply strictly the existing security procedures in connection with payments and commissions. Do not skip a step
and do not succumb to pressure.
- Always check e-mail addresses when handling sensitive information or when transferring money.
- In case of doubt about a payment order, consult a competent colleague.
- Never open suspicious links or suspicious attachments that you receive via emails. Be extremely careful when
checking your personal e-mail on the computers of the business you are working in.
- Limit information and pay attention to social media.
- Avoid disclosing information about the hierarchy, security, and processes of the business you are working with.
- If you receive a suspicious e-mail or a suspicious phone call, always notify the company's IT Support Address.
- Apply strictly the existing security procedures in connection with payments and commissions. Do not skip a step
and do not succumb to pressure.
- Always check e-mail addresses when handling sensitive information or when transferring money.
- In case of doubt about a payment order, consult a competent colleague.
- Never open suspicious links or suspicious attachments that you receive via emails. Be extremely careful when
checking your personal e-mail on the computers of the business you are working in.
- Limit information and pay attention to social media.
- Avoid disclosing information about the hierarchy, security, and processes of the business you are working with.
- If you receive a suspicious e-mail or a suspicious phone call, always notify the company's IT Support Address.