CEO Fraud: Detect, Defend, and Protect

Accompanying my current CEO Fraud Blog series, the Frankfurt School of Finance & Management invites you to an Expert Talk. Learn everything you need to know about this common fraud attempt!

In this online event, we aim to provide key information and practical assistance to protect your business from this frequently occurring fraud. We also want to take the opportunity to dive deeper into the subject than is typically possible in blog posts and give you the chance to ask questions and discuss them.

We will focus on five key questions that will enable every business owner to take the necessary steps to prevent fraud. We will discuss how CEO Fraud occurs, the different variants, and the warning signs that may indicate fraud, as well as the systems fraudsters use to gain access to internal company details.

Furthermore, we will explore how information leakage can be stopped and what security systems must be implemented to protect your business from fraud. We will also discuss preventive measures and analysis options and whether real-time analysis is possible.

Finally, we will cover the internal training that should be provided to employees to prepare them for preventive measures. We will also discuss who should participate in these training sessions and what types of training are most effective.

Our presentation will offer a comprehensive analysis of CEO Fraud and provide practical tips and strategies to protect your business from fraud. The Frankfurt School and I warmly invite you to join our info session, and we look forward to your comments and questions on this important topic. ➡️ Register for June 13, 2023, 12:30-13:30

CEO Fraud is not a unique fraud scheme

There are several similar fraud schemes that aim to financially harm businesses or individuals in similar ways, such as advance fee fraud, invoice fraud, purchase fraud, investment fraud, and rental fraud.

In general, these fraud schemes often involve identity theft, where criminals steal the identity of a person or company to carry out or prepare fraudulent activities.

In this context, cybercrime offenses such as social engineering and phishing also occur.

Variants of CEO Fraud:

• Internal fictitious business transactions: Request for payment of purchase amounts for a company acquisition, business deal, or other lucrative purchases, such as patents, real estate, or machinery.
  
• Refund of customer payments.
• Urgent need for intercompany payments: often combined with real emergency costs or an actual delayed customer payment.
• External business partners: Existing customers, suppliers, or service providers can be fictitiously involved to request things related to existing or new business transactions.
  
• Down payments for current large orders.
  
• Fake orders.
  
• Change of bank details: Pretending to change the company’s bank account before a real payment is made. Alternatively, the request may involve setting up or correcting supplier or customer bank details.
  
• False representation of authority: Demanding payment of due taxes or other fees.
  

Conclusion: CEO Fraud is a form of identity theft. Broadly speaking, "internal/external business partner fraud" affects many areas within a company.

The typical process of CEO Fraud:

1. Research and preparation: The fraudsters research the target company and its employees to get a detailed picture of who holds what position and which information and processes can be used for the fraud.
   
2. Phishing email or calls: The fraudsters send a personalized email to someone in a relevant position, such as the finance department. Often, other employees with access to needed confidential information are also targeted. The email is usually crafted to appear to come from a senior company official, such as the CEO, CFO, or leaders in accounting and finance. The emails are often supplemented by phone calls.
   
3. Manipulation: The fraudsters often use urgency and confidentiality in their emails to prompt the recipient to act quickly and refrain from discussing the matter with colleagues or superiors. They may also use additional fake documents, emails, or phone calls to confirm their identity or support their demands.
   
4. Transfer: If the fraudsters are successful, the recipients are tricked into transferring money to the fraudsters. The money is often sent to foreign accounts to avoid detection.
   
5. Cover-up: After the money is transferred, the fraudsters try to cover their tracks and eliminate any evidence that could identify them as the perpetrators.
   

Preventive measures

Fraudsters don’t jump higher than they have to!

• Train, review, adjust, and secure processes.
  
• Continuously detect and eliminate process bypasses and deviations through data analysis.
  
• Train risk management, internal audit, employees, and management on cybercrime and social engineering, especially those with sensitive access or high authority.
  
• Raise awareness among senior management that if they allow or demand process bypasses for themselves, it will no longer be unusual to bypass the process in the event of identity theft.
  
• Activate IT measures to easily identify external content.
  
• Review external company information, employee availability, or absences.
  
• Establish regular training for attacks and anomalies. An alarm routine should be established, like an annual fire drill or test spam emails.
  
• Report on current fraud schemes (fraud stories draw attention) and supplement with examples for personal use.
  

Further information in the CEO Fraud Blog:

CEO Fraud Blog - Your guide in the fight against the sophisticated "Grandparent Scam for Businesses".

➛

To the CEO Fraud Blog