The scam with the fake boss
Companies are increasingly falling victim to the so-called ‘CEO fraud’, also known as the ‘fake president fraud’. The basic idea is similar to the well-known ‘long-lost relative trick’. However, the ever-increasing professionalism of the perpetrators is making it harder to defend against, despite attention in the media.
The fake president fraud has created headlines on several occasions in recent years, with companies being defrauded of tens of millions in some cases. The perpetrators contact employees using a fake identity to induce them to transfer sometimes substantial quantities of money – generally to foreign accounts. The pretext for the transfer could be the purchase of company shares, for example. To this end, the perpetrators mostly use information acquired through social engineering about internal processes, communication channels and business relationships. In the process, existing approval for the transaction from a superior (e.g. the CEO) or instruction from the superior personally is simulated with forged emails and/or a telephone call.
Often, supposed lawyers are involved, who assist the company with the strictly confidential transaction and thus increase the trust of the deceived employee. The transferred money can usually not be recovered; the perpetrators close the accounts very quickly and transfer the stolen sum to a wide variety of other accounts in order to complicate tracing of the funds.
Regular training and raising awareness of employees can considerably reduce the risk of successful fraud. However, even these measures do not ensure complete protection. As long as payment processes are not carried out within a company in a fully automated way, without exceptions, the possibility of intervention by influencing employees remains a risk. Furthermore, the perpetrators of this scenario are constantly developing: recently, for example, supposed IT employees were involved, who informed the employee about an attempted fake president fraud after the call from the fake boss. Apparently, the sum demanded should be transferred in order to catch the perpetrator in the act. Here, too, the stolen money was lost by the deceived company.
‘With Funk CrimeSecure, there is a stand-alone solution that protects against current threats.’
Alexandra Köttgen, fidelity insurance expert
These and other scams – such as fake identity fraud or misdirection of money or goods – have long since developed into an established form of commercial criminality. It is not only within companies that the subject is becoming increasingly explosive; the insurance industry also lists claims from the fake president fraud in the upper echelons of current and particularly damaging scenarios. The German Insurance Association (Gesamtverband der Deutschen Versicherungswirtschaft – GDV) estimates the damages incurred in the period from 2016 to 2018 at over 150 million euros. The real figure could be far higher, as the statistics only include cases reported to insurers.
Risk transfer as a complementary measure
Risk transfer is an option to complement risk prevention. These claims can be insured as part of fidelity insurance. In addition to
the fraud scenarios outlined above, this insurance solution offers protection against damages through external third parties arising from other crimes such as robbery, theft or embezzlement. ‘Damages from unauthorised activity by internal employees, which often have much further-reaching damage potential and can cause huge damages over a long period, are also insured against,’ says Alexandra Köttgen, fidelity insurance expert at Funk. ‘The motives are varied, starting with personal necessity, frustration or greed, ranging all the way to revenge.’ The consequences for companies are not confined to the damages from loss of funds: there are often costs, e.g. as part of determining damage or legal prosecution, contractual penalties are incurred, or the perpetrators attempt to cause damage through revealing business or company secrets. ‘Many insurance products do not fully combat the risks, which is why we have developed a stand-alone solution with Funk CrimeSecure. In addition to considering the current threat situation, we have also included our experience of various cases of damages in the design of the product,’ explains Köttgen.
+49 40 35914-0