This scam is when a fraudster sends an email pretending to be from someone else at your business, often someone senior.
The message will use some kind of credible story to ask for an urgent payment to be sent to new account details. It may even pretend to be a member of staff who wants to change their payroll payment details.
Fraudsters do lots of research to help them write an email that looks genuine and reads like it came from a colleague. This research can also help them to send it at the right time, such as when a person is away from work or hard to reach. They can even break into a person’s email account to send a message.
And remember, this type of scam can target a business of any size.
Tips to beat CEO fraud
No matter who sends a payment request, you need to check the details to confirm it’s genuine.
Call the person who sent it to double-check the payment request or change of details. Use a phone number you trust, not one from an email. If you can't reach them, don’t reply to the email. Talk with another member of staff who can check and approve the payment.
If you can, use at least two people to approve a payment. This is called dual approval.
Create a clear, well-known policy that allows all of your staff, senior or junior, to challenge and check a payment.
Put measures in place that help staff to act quickly if they’re unsure about a payment. This may help to avoid scams and reduce losses.
Fraudsters can pretend to be an employee and email a request to change the account details that person is paid into.
Always double-check that any change of details is genuine by talking to the employee in person or calling them using a phone number you trust, not one from an email.
Make your business email account your first line of defence.
It can hold a lot of sensitive details that a fraudster could use against you in a scam. Or they could use them to get into any other online accounts you hold.
If you don’t already have one, pick a new, strong password for the email account. Then do the same for all the other accounts you hold, such as bank and social media. Use a different password for each one.
Find out how to create a strong password on Password security.