CEO fraud is when fraudsters trick companies into paying fake invoices or making payments they would otherwise not make.
The fraudster identifies several companies on the internet and finds out who their respective manager and accountant is, or other people responsible for accounts payable, are (all of this information can easily be found online).
Pretending to be the manager, the fraudster then sends an email to the accountant along the lines of: “I just made an order at company XYZ and need to send them the money today. Is it possible to send it express?” Most often the accountant responds that it is, and the fraudster then sends the payment details, i.e., the account number, amount, variable code, message for recipient, etc. The accountant then makes the transfer based on the request of their “boss’’.
Our recommendations:
- The best way to prevent this from ever happening is to set rules in the company that make it impossible to make such payment requests.
- Should such an email request arrive, call the sender and ask for details. Find out if they had indeed sent the message.
- Notice if the text somehow deviates from the usual style of communicating in the company:
- Is the usual degree of formality used?
- Is a standard term of address used?
- Is the writing style the same?
- Has your boss previously ever made a similar request?
- Don’t just look at the sender’s name. Click on the sender to display the whole email address. Is it the one your boss uses?
- Insist on an invoice.
- Verify the Company ID No.(IČO) on www.justice.cz or wwwinfo.mfcr.cz/ares/ in the ‘Economic Entities’ section.
- If you are unable to obtain the invoice, you can search for the name of the company on the above websites or online.
- Verify the account number online. Most companies list their account number on their website.