Make sure you pay the CEO
Over the last month the J2 Software team have noticed an increase in an evolved method in change of bank details or payment fraud. While this might sound like old news, this now more directly involves the CEO.
Traditional payment fraud has been rife for some time where the cyber criminal impersonates the CEO, or other senior members of staff, to convince the finance department to make an urgent payment to either a new supplier or update their bank details. The change of bank detail fraud uses fake banking confirmation letters and the trust of finance people to update an existing supplier’s details. The growing number of successful attacks have proven to be very costly to businesses of all sizes. Owing to this, many businesses have now implemented stronger verification processes to verify supplier bank details changes, which means that the criminals have had to change their approach and tactics.
This trend involves an internal change of bank details, mostly for the CEO. The cyber criminal impersonates the CEO by using an external email address, claiming that it is their private email address, and requests that their bank details for payroll is updated. All of these use similar wording and it is usually done a week before payroll, to stress the urgency. To make sure that they pay their CEO, many of these changes have been successful. The finance or HR team update the details and the cyber criminal is paid, after which they rapidly get the money out before anybody notices.
Read more: Make sure you pay the CEO
- Hits: 89