The Cybersecurity Center warns of scams in which the scammer pretends to be the CEO of the victim's company. The messages may come from a real email address and even from a genuine Teams conversation. However, the content of the message can reveal a scam.
The Finnish Transport and Communications Agency Traficom’s Cybersecurity Center says in its weekly review that it has received numerous reports of so-called CEO scams.
E-mails have been sent especially to financial administration employees in the name of the company’s managing director or general manager. Payroll accountants and substitutes are also more likely targets.
The e-mails have inquired about account balances and asked the recipient to make payments of tens of thousands of euros to both foreign and domestic bank accounts or to obtain gift cards.
The message can come from the boss’s correct address
According to the Cybersecurity Center, reasonably good Finnish has been used in the e-mails, and the sender’s e-mail address may have looked genuine. However, vaguer addresses have also been used.
– You should not think that a wrong sender’s address is a sure way to distinguish a scam message from a genuine one, the authority reminds readers in the release.
If the organization’s e-mail account has been hacked, the manager’s address could have ended up being used by criminals.
– If the e-mail box has been hacked, the confirmation messages sent by e-mail will be answered by a fraudster who assures that everything is fine.
The credibility of the scam can also be increased by, for example, a genuine Teams message, which is a continuation of the previous conversation with the boss.
Patience is a virtue
The Cybersecurity Center urges you to verify all suspicious messages and requests by calling the manager’s correct phone number, not, for example, the number stated in the suspicious message.
– Scam messages often refer to urgency or secrecy or claim that it is not possible to talk on the phone right now, but the money transfer should be done quickly, the Cybersecurity Center says in its release.
– Financial management requires patience and restraint in the organization’s normal payment approval practices, even if the scam message requires bypassing normal checks and approvals, it continues.
Beware of payroll scams
In addition to the usual CEO scams, the Cybersecurity Center also warns against salary payment scams. In these, the fraudster sends a message to the payroll accountant in the name of the manager, asking for the manager’s salary account to be changed to another one.
– In these cases too, it is necessary to adhere to the organization’s safe verification practices, and not to change anyone’s salary account based on a message alone, the authority emphasizes.
Source: Cybersecurity Center