18 February 2019
Safeguard your business against CEO fraud.
Always be cautious when funds are asked to be transferred urgently and secretly.
If fraud is detected although the transfer has already been made, immediately notify your ING contact to try to block the funds before they disappear. Bear in mind that after 24 hours it is practically impossible to recuperate stolen amounts.
Social Engineering or CEO fraud
What is it?
Social engineering is the fact of gathering information about a target company in order to manipulate an in-house person of such company to take action (often to make a payment) or disclose confidential information.
- Fraudsters will contact your company by e-mail or by phone, acting as auditors, chartered accountants or even a federal department making an investigation. By this means, they collate information on your company's internal payment procedures as well as the people who make them.
- Then they contact the staff of your company with rights to make large payments and act as the CEO or the CFO (often away on mission in another entity of the group). They refer to the possibility of taking over a foreign rival requiring a major transaction. They also invoke a fiscal control in another entity of the group requiring funds to be transferred to such entity. Other scenarios are possible. In each of them, it is expressly stipulated that the transaction must be made urgently and with the utmost secrecy.
- The fraudsters will even call on an external consultancy (whose identity they have stolen) to make the operation more credible. Such consultancy will then contact the member of staff of your company to confirm the transaction and reiterate the secrecy and urgency of the payment to be made. If the staff member hesitates the fraudsters will use several tricks such as using top names in the company, flattery, even threats.
What safeguards to take?
- Always be cautious when funds are asked to be transferred urgently and secretly.
- In the event of an urgent request, always call back the person who made the request on a known phone number.
- Never let the same person have dual signing powers (cards and PIN numbers).
- Another safeguard: appoint a reference (who is neither the CEO nor the CFO) who must be contacted when a confidential or urgent transaction is requested. Such person can contact the company director personally to check the authenticity of the request. Caution, such powers may not be known outside the company.
Who to contact in case of doubt or fraud?
If you notice attempted fraud or if fraud has occurred in your businesses, immediately inform your ING contact. By calling your bank quickly, you will increase the likelihood of recuperating the funds embezzled.
Other formalities with the authorities can also be required (filing a complaint with the police, etc.). Our specialists can also advise you on the steps to be taken.
Contact : firstname.lastname@example.org