At viva.com, your safety is always our top priority, so we want to inform you about the new types of online fraud currently used by scammers. Please read the instructions below carefully to protect yourself from cybercriminals who may try to defraud you.
What is CEO fraud?
CEO fraud occurs when an employee authorised to make payments is tricked into paying a fake invoice or making an unauthorised transfer out of the business account.
Usually, a fraudster calls or emails posing as a C-level executive within the company (e.g., CEO or CFO). They make sure to know the company well, so that they appear more believable. They then demand an urgent payment, using language such as “confidentiality”, “The company trusts you”, “I am currently unavailable”. Alternatively, they may refer to an expedited late payment, a need to solve a “supplier” cash flow issue or the need to produce goods or services urgently.
Citing the reasons above, they ask the employee not to follow the regular authorisation procedures. Often, the request is for international payments to banks outside of Europe. In reality, the employee transfers the funds to an account controlled by the fraudster.
What are the signs?
- Unsolicited email/phone call.
- Direct contact from a senior official you are normally not in contact with.
- Request for absolute confidentiality.
- Pressure and a sense of urgency.
- Unusual request in contradiction with internal procedures.
- Threats or unusual flattery/promises of rewards.
What can you do?
As a company:
- Be aware of the risks and ensure that employees are informed and aware too.
- Encourage your employees to approach payment requests with caution.
- Implement internal protocols concerning payments.
- Implement a procedure to verify the legitimacy of payment requests received by email.
- Establish reporting routines for managing fraud.
- Review information posted on your company website, restrict information and show caution with regard to social media.
- Upgrade and update technical security.
- Report actual or attempted fraud to the authorities, even if you aren’t the victim.
As an employee:
- Strictly apply the security procedures in place for payments and procurement. Do not skip any steps and do not give in to pressure.
- Always carefully check email addresses when dealing with sensitive information/money transfers.
- If in doubt about a transfer order, consult a competent colleague.
- Never open suspicious links or attachments received by email. Be particularly careful when checking your private email on the company’s computers.
- Restrict information and show caution with regard to social media.
- Avoid sharing information on the company’s hierarchy, security or procedures.
- If you receive a suspicious email or call, always inform your IT department.