CEO/CFO Fraud is a phishing scam that has gained popularity in recent years, in which cyber criminals hack or spoof the email address of a senior staff member and request an urgent payment to an unknown account. These phishing emails are usually sent to staff involved in the finance or accounts of the company, and request payment in a manner that is often outside normal payment procedures. The emails are made to appear genuine so that staff members comply with the request, believing it really comes from their company’s CEO or CFO. Once the money has been transferred to the criminal’s account, it is usually withdrawn again straight away and hidden elsewhere.
You should be extra vigilant about:
– Any payment request which is outside of normal policy or procedure, especially by email
– Any urgent or confidential request for payment transfer, especially if it does not follow the standard procedure
– Any unusual request, such as a transfer of high amounts to an unknown account or to a country where the company does no business
If you do receive an unusual financial request by email, we strongly advise you to get verbal confirmation from the sender before taking any action.
Concerned that your organisation may be vulnerable to such phishing attacks? We’re offering a free phishing risk assessment for companies that want to find out and learn how to mitigate these dangers.