You return to the office only to find out that thousands of pounds are missing from your company bank account.
You have no idea what your accountant is talking about when they inform you that you instructed them to transfer those funds.
This is what we call CEO fraud – one of a growing number of tactics used by e-criminals, who dupe company accountants into transferring funds to unknown accounts by masquerading as senior staff within the business who have seemingly instructed them to do so.
In the examples we have seen, the email's "send from" address does not come from the company's own domain, so the criminals make no effort to hack your email or domain services.
They use any email server they can, so the domain can be anything, as long as the "send from" name shows the senior staff member's name.
Of course, we know that John's email address is wrong in that email. John is the director of John Smith Company Ltd, which uses the domain @johnsmithcompany.com. This observation can save you thousands of pounds!
This simple yet crafty crime has affected many businesses, and it’s not going to stop anytime soon.
Technically, this is not picked up by email security because the email services the hackers are using are genuine. The best forms of prevention are educating your staff, implementing the correct payment procedures, and securing any domains that are similar to your primary email domain (e.g. @johnsmithcompanyltd.com), so that criminals cannot register them and fool your staff.
It’s worth noting that the example message above is from a client of ours. E-crime is on the increase, and criminals are no longer targeting just large enterprises: we are all at risk.
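The observation above (a senior staff member's name in the "send from" field, on an address that is outside the company domain or on a lookalike of it) can also be checked automatically. The following Python is an added example, not part of the original article; the staff list, the similarity threshold and the sample headers are constructed assumptions, and only the two johnsmithcompany domains come from the text.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

COMPANY_DOMAIN = "johnsmithcompany.com"  # primary domain named in the article
SENIOR_STAFF = {"john smith"}            # assumption: display names worth protecting
LOOKALIKE_RATIO = 0.8                    # assumption: similarity threshold, tune locally


def classify_sender(from_header: str) -> str:
    """Classify a From header by its display name and address domain only."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        # Header domain matches; this alone does not authenticate the sender.
        return "ok"
    # A near-match to the company domain is suspicious whatever the name says.
    if SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio() >= LOOKALIKE_RATIO:
        return "lookalike-domain"
    # Senior staff name on an unrelated domain: the pattern the article describes.
    if " ".join(name.lower().split()) in SENIOR_STAFF:
        return "display-name-impersonation"
    return "external"


# Constructed sample headers (not the client's message the article refers to).
SAMPLES = [
    "John Smith <john@johnsmithcompany.com>",
    '"John Smith" <director.office@freemail.example>',
    "John Smith <john@johnsmithcompanyltd.com>",
    "Supplier Accounts <billing@supplier.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):28} {header}")
```

Messages classified as `display-name-impersonation` or `lookalike-domain` are the ones to hold for the payment-verification procedure before any transfer is made.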