Genesis Business Systems is warning businesses to be on high alert after increased reports and financial losses from CEO fraud.
A recent report from the City of London Police’s National Fraud Intelligence Bureau (NFIB) shows that over £32 million has been reported to be lost as a result of CEO fraud.
CEO fraud will typically start with an email being sent from a fraudster to a member of staff in a company’s finance department. The member of staff will be told by the fraudster who is purporting to be a company director or CEO that they need to quickly transfer money to a certain bank account for a specific reason. The member of staff will do as their boss has instructed, only to find that they have sent money to a fraudster’s bank account.
The fraudster will normally redistribute this money into other mule accounts and then close down the bank account to make it untraceable. Out of the £32 million reported to be lost by businesses to CEO fraud only £1 million has been able to be recovered by the victims. This is due to businesses taking too long to discover that they have been the victim of fraud and the lost money already being moved by fraudsters into mule accounts. Most businesses reported initially being contacted via emails with gmail.com and yahoo.com suffixes.
The largest reported amount of money given by a member of staff to a fraudster was £18.5 million which is an unusually large amount to be given. Typically the average amount given to a fraudster is £35,000 but this can vary.
The company which lost £18.5 million is a producer of healthcare products and has offices globally. In July last year a man who purported to be a senior member of staff, phoned a female Financial Controller who was based in one of the company’s Scottish offices and asked her to transfer money to accounts in Hong Kong, China and Tunisia. The Financial Controller believed the man to genuinely be a senior member of staff and exchanged several calls with him as well as emails. The man convinced her to transfer money into three foreign bank accounts which resulted in the company losing £18.5 million.
The fact that one company lost over £18 million whilst most others lose approximately £35,000 suggests that there may be two tiers of CEO fraud currently being committed, with some fraudsters aiming to obtain millions of pounds whilst others targeting a number of businesses attempting to receive lesser amounts.
Limited companies tend to be the most targeted type of company with 52% of reports coming from this business type. 22% of reports have come from businesses within London suggesting that this problem is particularly affecting the capital.
Deputy Head of Action Fraud, Steve Proffitt said: “It is important that all businesses are made aware of this type of fraud. We encourage businesses to educate their staff about this type of fraud in order to prevent themselves from becoming the next victim. Employees should be encouraged to double check everything they do and never be rushed into transferring large amounts of money even if they do think that it’s an important task given to them by their CEO. An increased awareness of this type of fraud amongst businesses will no doubt make it far harder for fraudsters to succeed “.
For more information on how we can help your business combat cyber fraud with our network security solutions - give us a call on 01482 210999 or email [email protected].