How does it works?

• A fraudster calls or emails posing as a high ranking figure within the company (e.g. CEO or CFO).
• They have a good knowledge about the organization.
• They require an urgent payment.
• They use language such as: ‘Confidentiality’, ‘The company trusts you’, ‘I am currently unavailable’.
• They refer to an expedited late payment, a need to solve a ‘supplier’ cash flow issue or the need to procure goods or services urgently.
• The employee is requested not to follow the regular authorisation procedures.
• Instructions on how to proceed may be given later, by a third person or via email.
• The employee transfers funds to an account controlled by the fraudster.
• Often, the request is for international payments to banks outside Europe.

What are the signs?

• Unsolicited email/phone call
• Direct contact from a senior official you are normally not in contact with
• Request for absolute confidentiality
• Pressure and a sense of urgency
• Unusual request in contradiction with internal procedures
• Threats or unusual flattery/promises of reward

What can you do?

As a Company

• Be aware of the risks and ensure that employees are informed and aware too.
• Encourage your staff to approach payment requests with caution.
• Implement internal protocols concerning payments.
• Implement a procedure to verify the legitimacy of payment requests received by email.
• Establish reporting routines for managing fraud.
• Review information posted on your company website, restrict information and show caution with regard to social media.
• Upgrade and update technical security.
• Always contact the police in cases of attempted fraud, even if you are not the victim of fraud.

As an employee

• Strictly apply the security procedures in place for payments and procurement. Do not skip any steps and do not give in to pressure.
• Always carefully check email addresses when dealing with sensitive information/money transfers.
• In case of doubt on a transfer order, consult a competent colleague.
• Never open suspicious links or attachments received by email. Be particularly careful when checking your private email on the company’s computers.
• Restrict information and show caution with regard to social media.
• Avoid sharing information on the company’s hierarchy, security or procedures.
• If you receive a suspicious email or call, always inform your IT department.