CEO imposter scams: Is the boss for real?

If your business regularly makes wire transfer payments, it could be the next target of a fast-growing scam in which cybercriminals trick employees into transferring large sums of money to them by impersonating CEOs and other company executives in spoofed emails.

According to the FBI, the scheme has caused $2.3 billion in losses to 17,642 business and non-profit organizations in the U.S. and other countries since October 2013, with the number of victims nearly tripling since January 2015.

How does it work? The schemers first study their intended victims. Social media websites, a company’s own website, and news reports can give employees’ names, job titles, email addresses, and telephone numbers, as well as information about the company’s business dealings. Fraudsters also pose as third parties perhaps the company’s bank, a vendor, or someone legitimately seeking information in phishing emails and pretexting calls designed to trick employees into disclosing confidential information.

With a company’s information, scammers can spoof, or fake, an email to an employee who they know can transfer money or pay invoices for the company, making the email look like it’s coming from an executive officer, regular vendor or other trusted source. In some cases, hackers break into a company’s email system and send urgent requests for money transfers. Once the money is wired, it can be nearly impossible to recover.

These tips can help you guard your company against CEO imposter scams:

  • Establish a multi-person approval process for transactions above a certain amount.
  • Set up a system that requires a valid purchase order and approvals from a manager and a finance officer to spend money.
  • Verify by phone any changes in vendor payment information and fund transfer requests.
  • Remember – email never is a secure way to send financial information. Don’t transmit account information by email and question any emailed payment requests that include account information.
  • Slow down. Take time to verify any request, even an urgent one. And be suspicious of any request for secrecy.

The FBI has more tips. If you suspect your company has been targeted, please report your experience to the FBI’s Internet Crime Complaint Center at www.ic3.gov and the FTC at ftc.gov/complaint.

 

Comments

I received an unsolicited letter, post marked from Mexico, allegedly from WALMART INC,, 702 8th Street, Bentonville, AR 72716, referencing www.businessgroupeval.com and coordinator@businessgroupeval.com, telephone 806-731-8207, along with a personal check written out to me in the amount of $1,991.12, requesting I participate in a Consumer Survey and Quality Control Specialists Program. They requested I go online at coordinator@businessgroupeval.com ;and enter a User ID and Password they provided which would immediately authorize payment of the check. I was then required to go online and view "my first shopping assignment." The assignment was to go to a Western Union and transfer $1,122 to an account in London, UK. I feel this is a scam and should be investigated since the check was from Walmart, Wachovia Band, N.A., Charlotte, NC, account number 053101561: 2079900136854.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.