We have recently seen a number of businesses fall victim to CEO impersonation fraud. The impact of fraud on a business can be devastating, not only could it result in substantial financial loss, but it could also have a negative effect on the reputation of the company. CEO impersonation fraud, however, can be avoided by ensuring the appropriate procedures and safeguards are in place.

What is CEO impersonation fraud?

CEO impersonation fraud occurs when an individual assumes an identity, often of the CEO or member of the senior management team, to perform a fraud. 

The cases we have seen recently follow a similar pattern:

  • Step 1 - Fraudsters hijack the identity of an individual in senior management by using a virtually identical email address.
  • Step 2 - Using the stolen identity fraudsters instruct the business to make a large payment to a third party.
  • Step 3 - The business makes a payment to the (false) third party
  • Step 4 – When the victim of the stolen identity is informed of payment the fraud is unearthed.

Warning signs

Any email seemingly from an individual in a senior management position asking the company to send a large payment to a (usually previously unknown) third party.

Fraudsters can generate emails that look convincing. They may also have inside help with choosing targets and preparing communications. For example, we have seen CEO impersonation fraud take place when the victim of the stolen identity has been on holiday. Other tactics have been used, such as insisting on email conversation (due to the 'CEO' being in meetings or travelling) or creating a sense of panic by requesting payments are made urgently or by suggesting a previous request has been ignored.

What can you do?

We suggest that you urgently review your anti-fraud measures including:

  • Update employees about the occurrence of CEO impersonation fraud
  • Always confirm payments to third parties, known or unknown, with the individual requesting payment using an alternative means of communication and/or ensuring payee and invoices are genuine
  • Instruct employees with responsibility for paying invoices to check for irregularities and raise any suspicions with the individual requesting payment remembering that the contact details on the request may not be genuine
  • Regularly review procedures for authorising payment

What should you do if you are a victim of this fraud?

Act immediately:

  1. Notify your insurer
  2. Report this to Action Fraud through their website and preserve all relevant documents.
  3. Contact us immediately- we can put a stop on bank accounts, advise on how to recover money and help you to deal with the police

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.