Fraud Risk Scheme:
CEO Fraud is a form of social engineering where the fraudster impersonates a company executive (the CEO, President, a board member) to issue a secret and urgent wire transfer order. The fraudster contacts an employee responsible for finance or payments and uses psychological manipulation techniques and false pretenses (for example, a secret acquisition, an urgent tax audit, a ransom payment) to convince them to quickly execute a large transfer to an external account controlled by the fraudsters.
Detection:
- Transactions outside normal timeframes or with unjustified urgency: Monitor transfer orders requested in a hurried manner, outside usual processes or working hours, and accompanied by strong pressure for immediate execution.
- High-value transfers to external accounts: Detect transactions with an unusually high amount directed to a bank account the company has never used before (a new foreign or local beneficiary).
- Demands for confidentiality and unusual communication channels: Alert if the transfer request insists on "absolute confidentiality" and comes from an email address slightly different from the executive's or from an unregistered phone number.
- Inconsistencies in language or tone: Identify transfer orders containing language errors, terms the executive concerned would not normally use, or a lack of supporting details.
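The first three indicators above can be expressed as simple rules over incoming transfer requests. The sketch below is an added example, not part of the original article; the thresholds, keyword lists, field names and sample requests are all assumptions constructed for illustration, and the language and tone check is left to human review.

```python
from datetime import datetime
from difflib import SequenceMatcher

# Assumed policy values (not from the article); tune to your own payment baseline.
BUSINESS_HOURS = range(8, 18)
HIGH_AMOUNT = 50_000
URGENCY_TERMS = ("urgent", "immediately", "asap", "right away")
SECRECY_TERMS = ("confidential", "secret", "do not discuss")

def is_lookalike(sender, registered, threshold=0.85):
    """True if sender is not a registered address but nearly matches one."""
    sender = sender.lower()
    if sender in registered:
        return False
    return any(SequenceMatcher(None, sender, r).ratio() >= threshold for r in registered)

def indicators(req, exec_addresses, known_accounts):
    """Return the names of the detection indicators a transfer request triggers."""
    hits = []
    ts, text = req["received"], req["body"].lower()
    off_hours = ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
    if off_hours or any(t in text for t in URGENCY_TERMS):
        hits.append("urgency_or_off_hours")
    if req["amount"] >= HIGH_AMOUNT and req["beneficiary"] not in known_accounts:
        hits.append("high_amount_new_beneficiary")
    if any(t in text for t in SECRECY_TERMS):
        hits.append("confidentiality_demand")
    if is_lookalike(req["sender"], exec_addresses):
        hits.append("lookalike_sender")
    return hits

# Constructed sample data: addresses, account labels and messages are made up.
EXEC_ADDRESSES = {"ceo@example.com"}
KNOWN_ACCOUNTS = {"ACCT-SUPPLIER-0001"}
SUSPICIOUS = {
    "sender": "ceo@examp1e.com", "received": datetime(2024, 3, 9, 22, 15),
    "amount": 250_000, "beneficiary": "ACCT-UNSEEN-9999",
    "body": "Strictly confidential: wire the funds immediately for the acquisition.",
}
ROUTINE = {
    "sender": "ceo@example.com", "received": datetime(2024, 3, 5, 10, 0),
    "amount": 1_200, "beneficiary": "ACCT-SUPPLIER-0001",
    "body": "Please pay the attached supplier invoice through the usual process.",
}

if __name__ == "__main__":
    for name, req in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(name, indicators(req, EXEC_ADDRESSES, KNOWN_ACCOUNTS))
```

A request that triggers several indicators at once is a candidate for a hold and an out-of-band callback to the executive on a registered number before any payment is released.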
Prevention:
- Employee training and regular awareness: Regularly educate finance teams and key employees on the tactics of CEO fraud and encourage them to question any urgent and confidential request involving a money transfer.
Share your feedback:
What tools, techniques, and processes are used in your organization to detect and prevent such fraud schemes?