The “CEO Scam” is a growing threat to businesses and organizations of all sizes
A clerical employee of a government agency in North Vancouver assumed the e-mail instruction request from her supervisor to be credible when he asked her to go out and purchase $500 in iTunes cards. In the e-mail the supervisor claimed he was in a lengthy meeting, too busy to do this himself, and for her to forward the iTunes card details back to him.
The victim became suspicious when that transaction was successfully completed and then she received a second request for another $500 as the need was urgent.
Unfortunately, the incident, which occurred on September 15, was a scam, known as a “CEO Scam,” say North Vancouver RCMP.
In a typical “CEO Scam,” fraudsters gain access to the e-mail account of an executive or supervisor and target employees who have the authority to access and move money. Fraudsters send realistic-looking e-mails, requesting urgent wire transfers or gift card purchases for what appear to be legitimate business or personal reasons, such as securing an important contract”, or a confidential transaction. They often send the targeted fraudulent e-mail when executives are travelling (accessing public Wi-Fi) or are otherwise difficult to reach.
Believing that the request is real, the employee transfers the money—only to find out upon the boss’s return or through other correspondence that the e-mail was a scam and the money is gone.
Losses to this type of scam can range from hundreds to tens of thousands of dollars. The “CEO Scam” is a growing threat to businesses and organizations of all sizes.
Below are tips to help protect yourself and your business against such a scam:
* Ensure your computer systems are secure, keep antivirus software up to date, and encourage all employees to use strong passwords to protect their email accounts from hackers.
* Take a careful look at the sender’s e-mail address. It may be very similar to the real one, with only one or two letters being different.
* Double-check with executives when they send wire transfer requests by e-mail, even when they look legitimate. Don’t use the contact information provided in the message and don’t reply to the e-mail.
* Establish a standard process that requires multiple approvals for money transfers.
* Limit the amount of employee information available online and on social media. Fraudsters use it to find potential victims and time their targeted fraud.
For more information on how to protect your business go to the BC.RCMP website. If you’ve been the victim of a
CEO Scam report it to the Canadian Anti-Fraud Centre (1-888-495-8501), the Competition Bureau (1-800-348-5358) or the police.