The Mossos d’Esquadra have recently warned of the risk of what is known as CEO scama type of fraud that aims to mislead employees who have access to the economic resources of a company so that they pay a false invoice or make a transfer from the company’s account.
It is a method of deception quite common between cybercriminals and that, due to its characteristics, can get extract large amounts of money. The most notorious case in Spain was uncovered in October 2019 and exceeded 10.7 million euros defrauded.
How does it work?
The process used by scammers in these cases is very simple. First, they call or email pretending to be a high position in the company. They then request that the employee do an urgent payment linked to a relevant business activity.
At this point, they often use expressions such as “confidential” or “the company trusts you” with the aim of pressuring the worker to act without questioning the type of procedure that is being requested. With the secrecy excuseIn addition, it is requested that the transfer be made by means that are not usual.
On some occasions, the instructions on how to act can even be given later by posing as a third person or institution. Finally, the scam culminates when the transfer in question ends up in a bank account controlled by the scammer.
Don’t fall for the CEO scam. If you receive an urgent transfer request from someone who claims to be a director of the company and not connected, do not make the move. He used to be a scammer. Check out the reliability of the missatge with a responsible #StopScams pic.twitter.com/50P6oHlO4Y
— Mossos (@mossos) September 3, 2022
Clues to detect
Although these types of hoaxes are often easy to detect with the naked eye, it should be noted that in some cases it is difficult to notice because the criminals increasingly have access to data about the organization of the companies, which allows them to be much more credible when preparing the scam.
In this context, explains Europolthere are some signs that allow us to discover if the email we receive is part of a case of CEO scam:
Unsolicited phone call or email
Pressure and urgency
Direct communication with a senior official with whom you are not normally in contact
Misplaced request contradicting internal procedures
Request for absolute confidentiality
Threats, flattering comments, or promises of rewards
How should we act before the CEO scam?
Related news
The European Police Office It also provides some advice on how to act if we receive this type of request. In the case of workers, the ideal is to “strictly respect the current security procedures for payments and purchases.” In addition, it is recommended always check email addresses when you handle sensitive information.
If you have any doubts about the transfer request, you should check the veracity with fellow experts in the field. Also, as with other banking scams, it is important to take precautions with suspicious links and with the organization information that we share on the internet, since data about the company’s organization chart, security and procedures can be privileged information for cybercriminals.