What is CEO fraud? How can an SME protect itself?

CEO fraud, also called CEO deception, fake president fraud and fake CEO e-mail, is a hot topic at the moment. There are more and more attacks. And the loss is generally huge: one medium-sized enterprise in Switzerland suffered a loss of around 50,000 Swiss francs. Experts expect losses to run into the billions.

What is behind the term «CEO fraud»?

Fraudsters instruct the finance department on behalf of the company’s head to make a payment. The instruction is sent either from either a counterfeit e-mail address or a real e-mail account that has been hacked. To put the recipient under pressure, the mail containing the instruction usually gives a reason purporting to be urgent and highly sensitive.

Preventive measures

To protect your company from CEO fraud and – if possible – to recognize it as such, raising your employees’ awareness of it is especially important. The following additional measures will help to minimize the risk of an attack:

• Define and implement a payment approval process within your company.
• Define factors that must trigger a separate check before payments are approved, and coordinate it with your bank or payments system. For example: payment amount, country of destination, etc.

Anyone who becomes suspicious should always contact the sender in person, ideally by telephone – and senior managers and IT security managers should be notified as soon as possible.

Cyber insurance just in case

No matter how careful you are, there is always a residual risk. In the event of fraud, a cyber insurance policy covers the costs arising from the loss. Helvetia also offers customers access to a network of experts with members including PR advisors, legal advisors and specialists in IT security and data protection.