It Could Happen to Anyone – A CEO Fraud Primer

There has been a lot of media coverage lately over various organisations falling victim to CEO fraud. Basically a scam whereby criminals using email fool a target within an organisation into redirecting funds into bank accounts under their control. We have worked with some companies who have fallen victim to this and we also wrote about the rise in this type of attack in an earlier blog post CEO Fraud Attacks Continue to Rise.

We came across the below video released by Barclay’s Bank to educate people on how this fraud works and we though it was worth sharing with you.

As outlined in our own advisory we recommend that companies take the following steps to avoid becoming a victim of this scam;

  • Ensure staff use secure and unique passwords for accessing their email.
  • Ensure staff regularly change their passwords for their email accounts
  • Where possible implement two factor authentication to access email accounts, particularly when accessing web based email accounts
  • Have agreed procedures on how requests for payments can be made and how those requests are authorised. Consider using alternative means of communication, such as a phone call to and trusted numbers, to confirm any requests received via email.
  • Be suspicious of any emails requesting payments urgently or requiring secrecy.
  • Implement technical controls to detect and block spam emails and spoofed emails.
  • Ensure computers, smartphones, and tablets are updated with the latest software and have up to date and effective anti-virus software installed. Criminals will look to compromise devices with malicious software in order to steal the login credentials for accounts such as email accounts.
  • Provide effective cybersecurity awareness training for staff

If your company falls victim to such as scam you should firstly report the issue to your financial institution and then report the issue to An Garda Siochana or appropriate Local Law Enforcement Agency.

Leave a Reply

Your email address will not be published. Required fields are marked *