
Scammers using CEO addresses to rip off companies

Priority Level: Moderate
12 January 2016

Scammers are reportedly claiming to be corporate CEOs in email scams designed to steal up to hundreds of thousands of dollars from targeted companies.

Stay Smart Online has received a report that scammers misrepresenting themselves as corporate CEOs are sending fake emails to the CFOs of targeted companies. These emails request that up to hundreds of thousands of dollars be transferred urgently from targeted businesses to apparently legitimate bank accounts held by third-party individuals. However, these bank accounts may have been established using the details of people who have been victims of identity theft.

The relatively sophisticated scam appears to be identical to, or a recurrence of, the ‘Business Email Compromise’ or ‘Wire Fraud’ scam that Stay Smart Online provided an Alert about in October 2014. Details of the 2014 scam were provided by CERT Australia. The FBI has published similar reports regarding the ‘Business Email Compromise’ scam.

Businesses are advised to be suspicious of unexpected, urgent demands for large sums of money by any person – including CEOs and other senior leaders. You should always verify these requests directly with the person involved, and follow all governance and due diligence processes.

CERT Australia provides the following advice:

  •  Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
  •  Alert employees to be vigilant with regard to these incidents, especially those conducting or authorising wire transfers or similar financial instruments.
  •  Do not reply to the email.
  •  Sender Policy Framework (SPF) checking should be implemented to detect and prevent sender address forgery.
  •  Review network logs for evidence of the indicators provided in this Alert.
  •  Configure mail servers and mail scanners to block and remove emails with the indicators provided in this Alert.
  •  Report identified activity to CERT Australia.
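The SPF recommendation above is the one technical control in this list, so here is an added example of what an SPF check actually does on a receiving mail server. It is illustrative code written for this page, not code from Stay Smart Online or CERT Australia, and it assumes hypothetical domains (example-corp.test, _spf.mailrelay.test) with constructed TXT records in place of live DNS lookups. It is a simplified evaluator covering the ip4, ip6, include and all mechanisms; the a, mx, exists and ptr mechanisms and the redirect modifier from RFC 7208 are deliberately left out.

```python
import ipaddress

# Constructed DNS TXT data standing in for live lookups (hypothetical domains).
# The company publishes its own outbound range plus a third-party relay service.
FAKE_DNS_TXT = {
    "example-corp.test": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailrelay.test -all",
    "_spf.mailrelay.test": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

# SPF qualifier prefixes and the result each one produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, txt_records):
    """Return the SPF TXT record for a domain, or None if it has none."""
    rec = txt_records.get(domain.lower())
    if rec and rec.lower().startswith("v=spf1"):
        return rec
    return None


def check_spf(sender_ip, domain, txt_records, depth=0):
    """Evaluate a connecting IP against a domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:  # RFC 7208 caps DNS-based mechanism lookups at 10
        return "permerror"
    record = lookup_spf(domain, txt_records)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    # Mechanisms are evaluated left to right; the first match decides the result.
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            # Membership across IPv4/IPv6 versions is simply False, not an error.
            if ip in network:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            sub = check_spf(sender_ip, arg, txt_records, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # unsupported mechanism in this simplified evaluator
    return "neutral"  # record exhausted without an "all" term


def evaluate_mail_from(mail_from, sender_ip, txt_records):
    """Check the envelope MAIL FROM domain (the address SPF is defined over)."""
    domain = mail_from.rsplit("@", 1)[-1]
    return check_spf(sender_ip, domain, txt_records)


def receiver_action(result):
    """Map an SPF result to a mail-server decision; policy here is an assumption."""
    if result == "fail":
        return "reject"
    if result in ("softfail", "permerror"):
        return "quarantine"
    return "accept"


if __name__ == "__main__":
    # Constructed envelopes: one from the company's own range, one forged.
    for ip in ("192.0.2.55", "203.0.113.7"):
        res = evaluate_mail_from("ceo@example-corp.test", ip, FAKE_DNS_TXT)
        print(ip, res, receiver_action(res))
```

Two points worth noting from the code. First, a `-all` record lets the receiving server reject a forged envelope sender outright, whereas `~all` only produces a softfail that most servers will deliver with a flag. Second, SPF is evaluated against the envelope MAIL FROM domain, not the From: header a CFO sees in the mail client, so it should be paired with DMARC, which ties the two together, and with the out-of-band verification step the list above recommends.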

If a company has been defrauded as a consequence of these emails, report the matter to local police for investigation and escalation as appropriate.

More information

Stay Smart Online has information on recognising scam or hoax emails and websites.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.