Known variously as “CEO fraud” and “business email compromise”, this email scam is sophisticated, increasingly common, and targeting Channel Island businesses.
In January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such email scams, which start when crooks spoof the email accounts of business executives or employees.
How does this work? Fraudsters spoof your business mail headers (your email address) in email messages to fool your email system into letting the fraudulent email through to your employees, so these emails appear to originate from your email account. Employees who respond to your “spoofed” email identity are then unknowingly in direct contact with the fraudster, who will then commonly elicit payments.
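As an added illustration (not part of the original article), the Python sketch below checks a message that claims to come from your own domain for two signs of the spoofing described above: a reply address outside the business, and failed sender-authentication results. The domain names and sample messages are constructed placeholders, and the check assumes your receiving mail server records an `Authentication-Results` header.

```python
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "business.example"  # assumption: placeholder for your own mail domain

def domain(header_value):
    """Return the lower-cased domain of the address in a header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw_message, our_domain=OUR_DOMAIN):
    """List warning signs on a message whose From header claims our domain."""
    msg = message_from_string(raw_message)
    findings = []
    if domain(msg["From"]) != our_domain:
        return findings  # only messages claiming to be internal are checked here
    # Replies going outside the business put staff in contact with a third party.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != our_domain:
        findings.append("reply-to-external")
    # Results written by the receiving server (assumed present, see lead-in).
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            findings.append(f"{mechanism}-fail")
    return findings

# Constructed sample: From shows the CEO, but replies leave the business.
SPOOFED = """\
From: "Chief Executive" <ceo@business.example>
Reply-To: ceo.office@lookalike.example
To: accounts@business.example
Subject: Urgent payment
Authentication-Results: mx.business.example; spf=fail smtp.mailfrom=lookalike.example; dmarc=fail header.from=business.example

Please make the payment today.
"""

# Constructed sample: a genuine internal message.
GENUINE = """\
From: "Chief Executive" <ceo@business.example>
To: accounts@business.example
Subject: Board papers
Authentication-Results: mx.business.example; spf=pass smtp.mailfrom=business.example; dmarc=pass header.from=business.example

Papers attached.
"""

if __name__ == "__main__":
    print(spoof_indicators(SPOOFED))
    print(spoof_indicators(GENUINE))
```

A message that passes these checks can still be fraudulent, for example when the real account has been compromised, which is why the employee questioning described in this article still matters.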
A Law At Work client in Jersey recently had this experience, when the CEO’s email was hacked and a “spoof” email was sent to the accounts department. Luckily for them, the unsuspecting employee asked questions before making a payment “as directed by the CEO” and the payment was stopped. Speaking to other clients, this appears to be a common problem.
So how should you protect your business? Many companies are now having to consider just this. One of the best ways to protect your business is to ensure that it has the technology tools to assist it. There are many tools available to help prevent this, so speak to your local IT provider, who should have experience in this area. One other area to consider is employee training. It is vital that employees are trained to spot this type of fraud as a second line of defense. We recommend businesses conduct fraud awareness updates every six months in order to ensure employees are kept up to date with this type of fraud as it becomes more sophisticated. We also recommend that the staff handbook and/or business intranet page contains practical, updated advice.
If you need any help or assistance, please give the LAW team a call.