With the “CEO-Fraud” scam, fraudsters in NRW stole almost seven million euros last year. According to abbreviationfinder, the number of cases more than doubled from 115 cases in 2016 to 243 cases in 2017. The trend continued in the first quarter of 2018.
While the crimes in 2016 and partly in 2017 were partly directed against corporations and large international companies, since mid-2017 the perpetrators have tended to prefer high-revenue small companies. It can be assumed that these companies are the focus of the perpetrators because they generally do not have a well-developed compliance management system or other professional protective mechanisms. According to the latest study by the WP company PricewaterhouseCoopers and the Martin Luther University Halle-Wittenberg, 40 percent of the companies surveyed say they have been the victim of attempted CEO fraud. The perpetrators were successful in five percent of the companies.
The scam
In the “CEO-Fraud” scam, perpetrators attempt to manipulate decision-makers in companies so that they transfer large sums of money abroad. The perpetrators pretend that the order comes directly from the head of the company (managing director or board of directors = Chief Executive Officer = CEO). It is a variant of the so-called social engineering, in which the “human vulnerability” is exploited.
Skillful approach
The perpetrators usually proceed very skilfully by first obtaining as much information as possible about the company and the company’s structures. The perpetrators pay attention to information about business partners and future investments, e-mail accessibility or information in social networks about employees of the company.
Well organized criminals
With this information, the well-organized perpetrators can, for example, convincingly appear as the managing director or decision-maker of a company with the authority to issue directives. Accountants or other decision-makers in a company are fooled by multiple e-mails and phone calls that an urgent and secret money transfer must be carried out quickly and unobtrusively. The perpetrators often manage to build up great psychological pressure. In this way, they regularly succeed in persuading even experienced employees to transfer large amounts. The damage is now several million euros.
The police advise:
- Make your employees aware of this phenomenon and train them regularly
- Be aware of what information about your company is public
- Check your absence policies and internal control mechanisms
- In the case of unusual payment instructions, checks should be carried out before the payment is made:
- Check the e-mail carefully for the sender address and correct spelling
- Verify the request for payment from the supposed client by calling back or writing a query
- Inform your management or supervisor
- If a transaction has already taken place, quick action is required. Notify your bank and the police immediately.
In the event of any abnormalities, contact your local police station or the State Criminal Police Office.
