Ronald H. Levy
A well thought out scam and the urgent need for action
This scam, referred to by the FBI as the "CEO Fraud", is reported to have claimed over 12,000 victims worldwide. Canadian companies, including Quebec companies, have not been spared. A representative from the Sûreté du Québec said that, since 2014, almost 50 Quebec companies have fallen victim to this scam for losses totalling several hundreds of millions of dollars. This phenomenon continues to grow, which is cause for concern.
This scam relies on fooling senior employees into believing that intra-company communications actually come from their own CEOs or other high-ranking senior executives.
According to the daily Financial Times, this situation is primarily due to two factors: corporate governance shortcomings and the lack of strict, redundant safeguards that are adhered to in all cases. These have caused average losses of 120,000 USD, with some companies having been tricked into transferring tens of millions of dollars.
To guard against fraud, it is crucial to understand the level of sophistication involved and immediately take steps to ensure that processes designed to protect you are put in place. It is all the more urgent to act now considering that in several cases, it was reported that the companies that have succumbed to this scam had to close their doors as they could not make payroll after the loss.
How this scam unfolds
First, social media and the websites of the intended victims are studied to establish the corporate hierarchy, as well as the behaviour and habits of senior management.
Once this picture is complete, the fraudsters mimic the email address of the CEO and instructions are sent to the appropriate employee, requesting, confidentially, that monies be sent to an overseas account, so that an acquisition can be completed on behalf of the company. The email usually contains information that the employee would have thought was only available internally.
The employee is given a glimpse of the supposed importance of the transaction and believes he/she is being taken into the confidence of the CEO to smooth the way for the transaction to proceed. To add to the authenticity of the request, the fraudsters also mimic the name of either a lawyer or accountant with an internationally recognized firm, who confirms the transaction and wiring information. Monies are usually sent to accounts in Asia or Africa, but European banks are also now being used to great effect.
The elegance of the scam lies in its timing: having phished the travel and personal habits of the CEO, the fraudsters make the confidential urgent request when the CEO is unavailable to be contacted to confirm the written instructions.
Obviously, once the money is transferred, it is usually lost. However, there are mechanisms available to attempt to freeze the funds in the receiving bank before they disappear. Alacrity and knowledge of these techniques are essential if there is any hope of recovering these sums.
Unfortunately, many insurance policies will not provide coverage or loss recovery. Insurance companies will argue that the employee fraud clauses do not apply as the funds were voluntarily sent overseas.
The best protection calls for specific governance rules that need to be put in place and adhered to. No company is immune to these scams. This is why nothing should be left to chance.