“CEO FRAUD”: WOULD YOU DISTRUST YOUR BOSS?


If we started by recommending that you distrust any urgent communication you receive from your boss, you would probably not follow our advice, and in fact we would receive a wake-up call from him or her.

However, “CEO fraud” is a type of email fraud or phishing that consists precisely of posing as a senior manager or someone in a position of responsibility and sending an email to a critical department (Financial, Administration, Treasury, etc.) in order to achieve one of the following:

– Large money transfers carried out for urgent reasons.

– A change to the bank account of a regular supplier, to divert bill payments to a fraudulent account.

– A click on a link or the download of a file that infects our device with a virus or ransomware.

In the following video, our CEO, Francisco Valencia, explains in detail what “CEO fraud” consists of and how we can avoid falling for this type of scam.

REAL CASE: During the pandemic, the ZENDAL Pharmaceutical Group fell victim to three fraudulent emails, which led to transfers totaling 9 million euros to a false account at the request of a “senior manager” of the company. It turned out that a group of cybercriminals had impersonated that senior manager to request a change to the bank details of a supposed supplier. By the time the accounting company became aware of the scam, it was no longer possible to locate the attacker or recover the money.

ATTENTION: Companies today, in the best of cases, have powerful anti-spam filters, and most spam is blocked directly. INCIBE warns that cybercriminals have therefore modified their strategies and are choosing to attack in the same way, but by other means, such as:

– Telephone calls impersonating the voice of a senior manager using specific software.

– Instant messaging such as WhatsApp, Telegram, Teams, Zoom or similar.

– Notifications from web platforms such as Google Drive, SharePoint and other cloud services.

SAFETY RECOMMENDATIONS: The main measure is to apply common sense: is it normal for a senior manager of our company to ask us for something with such urgency? To avoid falling into the trap, we want to remind you of the following:

– Do not trust the sender's alias (display name); always look at the email address that appears when you right-click on that name, in case it is false.

– Never reply to the same message, click on links or download attached files.

– Contact the person or entity that sent the request to confirm it, using an alternative channel that does not come from the message (in person, by phone, through the website, etc.).

– Even if the request comes from a senior manager or someone in a position of responsibility, when a supplier's account is to be changed, always contact that supplier to request proof of bank ownership of the account to be changed.
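
The first two recommendations (check the real address behind the alias, and do not reply to the same message) can also be applied automatically to message headers. The following Python sketch is an added example, not part of the original article; the company domain, the manager name, the warning texts and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration (not from the article).
COMPANY_DOMAINS = {"example.com"}
SENIOR_MANAGERS = {"jane doe"}  # constructed name, lower-cased

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def sender_warnings(raw_message):
    """Return reasons to distrust the sender of one raw email message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    from_domain = domain_of(address)
    warnings = []
    # 1. The alias names a senior manager, but the real address is external.
    alias = " ".join(display.lower().split())
    if alias in SENIOR_MANAGERS and from_domain not in COMPANY_DOMAINS:
        warnings.append("manager alias on external address")
    # 2. The alias itself looks like an address and hides a different one.
    if "@" in display and display.strip().lower() != address.lower():
        warnings.append("alias shows a different address")
    # 3. A reply would go to another domain than the one in From.
    if reply_to and domain_of(reply_to) != from_domain:
        warnings.append("Reply-To domain differs from From")
    return warnings

# Constructed sample messages; only the headers matter here.
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example-payments.test>\n'
    "Reply-To: j.doe@mailbox.test\n"
    "Subject: Urgent transfer today\n\n"
    "Please change the supplier account and pay today.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Quarterly report\n\nSee attached.\n"
)
HIDDEN = (
    'From: "jane.doe@example.com" <billing@example-payments.test>\n'
    "Subject: Invoice\n\nNew bank details attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE), ("hidden", HIDDEN)):
        print(label, sender_warnings(raw))
```

A clean result only means the headers are consistent; a compromised internal mailbox would pass all three checks, which is why confirmation through a separate channel remains necessary.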