Fraud can cause serious damage to corporates and institutions and ruin smaller companies. A well-planned fraud can empty a company’s bank account in a few minutes, and the money is quickly distributed globally, potentially making it impossible to get back.
“Cyber criminals are extremely good at creating false identities,” says Sune Gabelgård from Danske Bank, who is an expert in the fight against cybercrime. “They spend a lot of time acquiring information about companies, so they know how they can strike in a convincing manner. For example, they do not hold back when it comes to hacking e-mail accounts and using them.”
“We do everything we can to help our customers withdraw payments that have ended up in the hands of criminals. However, it is often difficult to recall the money once it has left the account. That’s why it is critical for businesses to focus on how they can protect themselves against cybercrime like CEO fraud,” says Sune Gabelgård.
Read more about how you can protect your company below.
What is CEO fraud?
CEO fraud typically begins with the cybercriminals sending an e-mail to employees in e.g. the financial department. The criminals pretend to be the CEO of the company who would like the employee to make a transaction to a new account, e.g. due to a confidential project. It often happens during the holiday season, when the company is typically busy, and the CEO might be on vacation.
Loyal employees tend to make the transaction right away, and do not discover the fraud until it is too late.
What is fraud by change of supplier information?
Another trick used by cybercriminals is to pretend to be a part of the company’s regular suppliers and ask an employee to change the account information to a fake account.
“Cybercriminals often know the relation between the supplier and the company very well, and they even know when the scheduled payments take place. So they often make the request right before the business is about to make a major transaction,” says Sune Gabelgård.
“Most employees go ahead and make the change, because the request comes from someone they know well. Unfortunately, what often happens is that the payment goes directly to the cyber criminals, as this type of fraud is not discovered until the real supplier calls and asks, where his money is,” Sune explains.
How to prevent your employees and business against cybercrime
Make sure that all your employees are aware about fraud.
Make sure you have standard procedures that allow employees to verify urgent transactions or change of account information.
If a supplier asks to have their account information changed, always make a test call to the number you usually use.
Consider if you might need two employees to approve larger transactions, and make sure that they are watchful.
Consider what information you share about employees on your external website. Is it necessary to share their e-mail addresses?
Consider how you share information about suppliers on your external website.
Make sure that all your employees are aware about fraud.
Make sure you have standard procedures that allow employees to verify urgent transactions or change of account information.
If a supplier asks to have their account information changed, always make a test call to the number you usually use.
Consider if you might need two employees to approve larger transactions, and make sure that they are watchful.
Consider what information you share about employees on your external website. Is it necessary to share their e-mail addresses?
Consider how you share information about suppliers on your external website.
How do you avoid fraud?
The impact of cybercrime can be serious, but luckily, you can protect your business and employees and limit potential losses by following some good advice. Find some of the advice above, and learn more on our Keep it Safe site.
If you use Business Online (soon to be District), you have access to a range of functionalities that can help you protect your business. For example, you can manage who is allowed to make transactions, ensure that transactions always need to be approved by two persons, and set a limit to the size of transactions made by certain users or from certain accounts.
If you have been exposed to fraud
If your business has been exposed to fraud, it is critical that you react quickly. Even though you take precautions in the fight against fraud, it is difficult to fully hedge yourself against cybercrime. Therefore, it is a good idea to take out an insurance against cybercrime that covers hacking or virus attacks, and an online banking insurance that covers break-ins in your company’s online banking.