Rise of CEO payment fraud and faster payments
Earlier this month we blogged about Preventing Email Fraud, giving advice for consumers on how to avoid being scammed. In the business world, another type of fraud, commonly referred to as ‘CEO payment fraud’, is on the increase.
The statistics around CEO payment fraud are shocking. UK Finance states that in 2018, 603 cases of CEO payment fraud occurred, totalling 831 payments to the value of £14.8 million. This shows that CEO payment fraud is a very real threat to businesses, and something to be both aware of and vigilant against.
What is CEO Payment Fraud?
CEO payment fraud occurs when someone attempts to impersonate a senior executive of a company to steer funds into a fraudulent bank account. Victims are usually located within a company’s finance department, and they can be targeted via any form of communication channel – mainly phone and email.
Who can it affect?
Realistically, anyone within a company could be targeted by this type of fraud, although fraudsters tend to go for anyone who has the permissions and access rights to make payments. This makes the process quicker and means fewer people need to be involved along the chain (so the fraudsters have less chance of getting caught).
How do they do it?
Most of us have had a few fraudulent emails sent to our personal email addresses. They are usually easy to identify because of misspellings, an unknown sender, a company you’ve never heard of, and so on. These emails can be detected quickly, left unanswered and deleted, but with CEO fraud it gets taken up a notch.
Imagine sitting at your desk and receiving an email in your work inbox from your company’s CEO stating that he needs money to be transferred urgently. You wouldn’t necessarily consider that this could be fraudulent, and you’d potentially start the process to get the money over to the nominated recipient. Fraudsters can’t send emails directly from the CEO’s email address, but they will attempt to make it look like it’s directly from them, and will try to speak casually and sign off with the full name of said CEO, so it can be more difficult to identify than you first think. Often the tone is conversational and they will try to get the money transferred over as quickly as possible.
How to protect yourself against CEO Fraud
To avoid falling victim to a CEO fraudster, there are a number of things to consider when you receive an email from your CEO or a senior executive asking you to transfer money.
Assess the nature of the email
If the email contains subject matter that your CEO wouldn’t normally speak of, then most definitely flag it up and aim to speak to them directly, either in person or by phone, before making any form of transfer. If the email is directed solely to you, and the CEO isn’t around to speak to, then mention it to a member of your team and assess the situation together.
Examine the email address
Fraudulent CEO emails can look incredibly convincing on first appearance, but the sender’s email address is the one thing that will always be a major tell-tale sign once spotted. As stated before, these emails can’t be sent directly from your CEO, so it is imperative that you check the sender’s email address, as this will be a clear giveaway as to whether the email is genuine.
Take your time
No matter how urgent the email claims to be, take your time to gather all the facts you need to work out whether the email is fraudulent. Also assess how they want the payment to be made: many CEO fraud emails will insist on using ‘Faster Payments’, for a number of reasons explored in the next section.
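The address, urgency and payment-method checks described above can be partly automated as a triage aid for a finance mailbox. The following Python sketch is an added example, not part of the original post; the company domain, executive name, keyword lists and sample messages are constructed placeholders.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for this example; replace with your organisation's own.
COMPANY_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith"}  # lower-cased full names of senior executives
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away|today)\b", re.I)
FASTER = re.compile(r"\bfaster\s+payments?\b", re.I)

def triage(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    flags = []
    # Examine the email address: an executive's name on a non-company domain.
    if domain != COMPANY_DOMAIN:
        if " ".join(display.lower().split()) in EXECUTIVES:
            flags.append("executive display name on external address")
        elif any(name in text.lower() for name in EXECUTIVES):
            flags.append("signed off as executive from external address")
    # Take your time: pressure to act quickly, and the payment method asked for.
    if URGENCY.search(text):
        flags.append("urgency language")
    if FASTER.search(text):
        flags.append("asks for Faster Payments")
    return flags

# Constructed sample messages (not real emails).
SAMPLE_FRAUD = (
    'From: "Jane Smith" <jane.smith@ceo-mail.example.net>\n'
    "To: accounts@example.co.uk\n"
    "Subject: Urgent transfer\n"
    "\n"
    "Hi, I need a payment sent by Faster Payments. Details to follow.\n"
    "Jane Smith\n"
)
SAMPLE_GENUINE = (
    'From: "Jane Smith" <jane.smith@example.co.uk>\n'
    "To: accounts@example.co.uk\n"
    "Subject: Board pack\n"
    "\n"
    "Please find the agenda attached for next week.\n"
)

if __name__ == "__main__":
    for label, raw in (("fraud", SAMPLE_FRAUD), ("genuine", SAMPLE_GENUINE)):
        print(label, triage(raw))
```

Any flag is a prompt to verify the request with the CEO in person or by phone before a transfer is made, not a verdict on the email.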
Faster Payments: The fraudster’s payment choice?
Faster Payments is a service that allows payments to be sent and received in a short space of time, typically between minutes and hours. This poses a threat to any money that is sent fraudulently: it can’t be intercepted quickly enough once it’s realised that a mistake has been made. As well as benefiting from receiving the payment quickly, the criminal can then move the money on quickly through their network so that it becomes irretrievable.
Push Payments vs Pull Payments
Faster Payments are an example of a push payment since they are buyer-initiated, so the organisation that is initiating the transfer is in control of when the payment is sent. According to UK Finance, there were 34,128 cases of Authorised Push Payment (APP) scams in the first half of 2018, totalling £145.4m. Pull payments, on the other hand, are supplier-initiated payments, which means that whoever is receiving the money sets up an initial agreement with the buyer and the supplier then instructs the money to be ‘pulled’ over. Examples of pull payments are recurring card payments and Direct Debits. We recently explored the pros and cons of both these payment methods in this blog post.
At SmartDebit we help organisations use the trusted pull payment method of Direct Debit to take recurring payments, thereby improving cashflow and reducing customer churn. Contact Us to find out more.