Email scam fraud awareness Posted on October 9, 2018
A fraudster sends an email to your payments team pretending to be from the CEO, CFO or another person in authority. The sender address is usually very similar to the real address of a senior manager at the business (a look-alike domain or a transposed character). On some occasions the manager's email account has been compromised, so the email really does come from the correct address.
The initial email is often addressed to a staff member by name and asks an innocuous question. If the staff member replies, they usually receive a follow-up asking for a wire transfer. The payments team then processes the payment, believing the request has come from management.
Often this scam is used in conjunction with social engineering efforts. For example, the fraudster will gain information that the CEO is travelling or overseas, and will identify a country where regular suppliers are based. These efforts are then incorporated into the email instructions to make it seem more genuine.
What you can do:
- Implement a policy where all payment requests received by email over a set amount require the payment team to call the requester to confirm the request, using their listed phone number, not the number in the email.
- Educate staff that normal payment procedures should be followed. If you receive an email requesting a payment outside normal processes then be extra vigilant.
- If asked to change a supplier’s bank account details, check the request by phone to the supplier’s known phone number or other independent verification.
- Employees should check the actual email address, not just the display name. Hovering over the sender's name reveals the underlying address, and the reply-to address may differ from the address the message appears to come from; either mismatch is a warning sign.
- Exercise restraint when publishing information about employee activities such as out of office details or hierarchical information on your website or through social media, as attackers perpetrating these schemes often use this information to appear more genuine.
Possible indications of fraudulent emails include:
- The request states that it is urgent or confidential and ignores the standard procedure.
- There are grammatical or spelling errors.
- Use of language and formatting of the email is different to past emails from the manager.
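The sender-address check above and the indicators in this list can be turned into a simple triage script for the payments team's mailbox. The following is an added example, not code from the original article: it parses a raw email, flags a known executive's display name paired with the wrong address, a sender domain that is a near miss of a trusted domain, a Reply-To that diverts answers elsewhere, and urgency or secrecy language. The executive directory, the trusted domain and the three sample messages are constructed for the example.

```python
"""Heuristic triage of payment-request emails for CEO-fraud indicators.

Added example, not part of the original article. The executive directory,
trusted domains and the sample messages below are all constructed.
"""
import difflib
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed directory of executives as the payments team knows them.
KNOWN_SENDERS = {"jane smith": "jane.smith@example.com"}
TRUSTED_DOMAINS = {"example.com"}
# Words the article lists as red flags: urgency, secrecy, payment pressure.
PRESSURE_WORDS = ("urgent", "immediately", "asap", "confidential", "wire transfer")


def lookalike_domain(domain):
    """Return the trusted domain that `domain` closely resembles, else None."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS or any(domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return None  # exact match or a legitimate subdomain
    for trusted in TRUSTED_DOMAINS:
        # examp1e.com vs example.com scores about 0.91; unrelated domains score far lower.
        if difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.8:
            return trusted
    return None


def check_message(raw):
    """Return a list of warning strings for one RFC 5322 message given as text."""
    msg = message_from_string(raw, policy=policy.default)
    warnings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()

    # A known executive's display name paired with the wrong address.
    expected = KNOWN_SENDERS.get(from_name.strip().lower())
    if expected and from_addr != expected:
        warnings.append(f"display name '{from_name}' belongs to {expected}, not {from_addr}")

    # Sender domain is a near miss of a trusted domain (typo or homoglyph).
    domain = from_addr.rpartition("@")[2]
    near = lookalike_domain(domain)
    if near:
        warnings.append(f"sender domain {domain} resembles trusted domain {near}")

    # Reply-To diverts answers away from the apparent sender.
    if reply_addr and reply_addr != from_addr:
        warnings.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # Urgency or secrecy language in the subject or body.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + "\n" + (body.get_content() if body else "")).lower()
    hits = [w for w in PRESSURE_WORDS if w in text]
    if hits:
        warnings.append("pressure language: " + ", ".join(hits))
    return warnings


# Constructed sample messages (not real traffic).
SAMPLE_LOOKALIKE = """\
From: Jane Smith <jane.smith@examp1e.com>
To: payments@example.com
Subject: Urgent wire transfer
Content-Type: text/plain; charset="utf-8"

I am travelling and cannot take calls. Please process this confidential
payment immediately; I will send the bank details in my next email.
"""

SAMPLE_REPLYTO = """\
From: Jane Smith <jane.smith@example.com>
Reply-To: Jane Smith <jane.smith@webmail.invalid>
To: payments@example.com
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

Are you at your desk? I need a favour.
"""

SAMPLE_CLEAN = """\
From: Jane Smith <jane.smith@example.com>
To: payments@example.com
Subject: Q3 budget review
Content-Type: text/plain; charset="utf-8"

Attached are the slides for Thursday's meeting.
"""

if __name__ == "__main__":
    for label, raw in (("lookalike", SAMPLE_LOOKALIKE), ("reply-to", SAMPLE_REPLYTO), ("clean", SAMPLE_CLEAN)):
        print(label, check_message(raw) or "no indicators")
```

None of these checks is conclusive on its own: a compromised account passes the address and domain tests, and a real executive may genuinely write "urgent". The script is a prompt to pick up the phone and verify through a known number, not a substitute for that call.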