ICC Commercial Crime Service

Cybercrime

CEO Email Scams That Use Employees to Steal Millions

Imagine you receive an email from your boss, who happens to be the company’s CEO, asking you to wire immediately a large sum of money to an overseas supplier in order to close an important transaction. What would you do?

A recent FBI alert reveals that some diligent fraudsters may already know the answer. Relying on your desire to please the boss, and to do so quickly, they are making off with millions from unsuspecting victims.

This latest trend in fraud is a wake-up call to management at companies large and small who may have felt impervious. It also offers some insight into the latest strategies fraudsters are using, and the critical importance of prevention efforts, as well asthe effectiveness ofasset recovery.

In the same way that thieves may "case" a potential target, more sophisticated fraudsters do the same. After hacking into a company's computer system, they are taking the time to learn about the CEO and the organization, and determine how monies are being transferred with the company, says Brian Krebs, former reporter at The Washington Post, who writes a daily blog, Krebs on Security, about computer and cybercrime.

"Fraudsters perpetrating these scams do their homework before targeting a business and its employees, monitoring and studying their selected victims prior to initiating the fraud," says Krebs.

The information can then be used to commit fraud under the CEO’s watch and with the assistance of his loyal staff. A post mortem on the crimes revealed that in many cases, the fraudulent emails coincided with the executive's being out of the office or otherwise unavailable. In one incident, the CEO was tied up in meetings out of the office. Even when accounting personnel attempted to verify the need for the wire, they were unable to easily reach the CEO for verification, Krebs says.With the clock ticking, they executed what they thought was a legitimate request from their top executive.

The so called "Business E-mail Compromise" (BEC) fraud typically targets businesses working with foreign suppliers, and/or businesses that regularly perform wire transfer payments, the FBI alert warns.

"The BEC scam continues to grow and evolve, and it targets businesses of all sizes. There has been a 270 percent increase in identified victims and exposed loss since January 2015," according to the FBI alert. More than 7,000 victims have been scammed. Exposed loss includes actual and attempted losses, and totals $700 million and counting.

Fraudsters worm their way in by breaching the company's computer security protections and protocols, which is unfortunately relatively easy to do. Once in, they are able to obtain the information needed to perpetrate the fraud.

These computer scams are executed through a phishing scam. The victim receives an email from what appears to be a legitimate source. The victim clicks on what is actually a malicious link, and downloads malware, that allows the fraudster unfettered access to critical data including the victim’s passwords and financial account information.

The good news is that funds can sometimes be recovered, or the process thwarted altogether. Attorneys, including myself, who are civil asset recovery specialists and members of the global asset recovery network ICC FraudNet have advised CEOs in such cases with good results.

However, the key to recovery is acting quickly.One CEO, who contacted me immediately after the fraud was discovered, was able to work with his company’s bank to freeze the funds at the recipient bank. Another CEO, who waited months after the fraud was committed to explore asset recovery, had little chance of success since the money was moved shortly after it was received. Responding immediately to the situation and accessing experts familiar with offshore asset recovery and cyber security is critical. They can take steps to freeze the funds before the company’s money becomes unreachable. While asset recovery is possible, there are limitations.

Prevention is the key. There are threesimple steps companies can take to minimize the risk:

. Require a two-step verification where available, or establish other communication channels such as     requesting a simple telephone call to verify significant transactions.
. Train employees, particular accounting departments, making them aware of BEC and similar frauds.
. Exercise restraint when publishing information about employee activities on websites or through social     media.

While beefing up cyber security, training and preparation is critical to protecting your company, when communicating with employees, continually emphasize common sense and the company’s bottom line. Otherwise, loyal employees may be tempted to ignore their instincts when receiving an urgent message from a CEO.

Joseph J. Wielebinski, a shareholder at Munsch Hardt Kopf & Harr in Dallas, is part of the firm’s Fraud and Asset Recovery group and Executive Director Emeritus of ICC-FraudNet, a London based invitation-only organization, consisting of lawyers throughout the world who have significant experience in complex commercial fraud and offshore asset identification and recovery. He has represented numerous victims in matters involving complex financial fraud, theft, money laundering and other white collar crimes. Joe has served as a Federal District Court receiver at the request of the SEC in cases involving national and cross-border fraud schemes.





ICC FraudNet is an international network of independent lawyers who are leading civil asset recovery specialists in each country.Our membership extends to every continent and the world’s major economies, as well as leading offshore wealth havens that have complex bank secrecy laws and institutions where the proceeds of fraud often are hidden. Founded in 2004 by the Paris-based International Chamber of Commerce (ICC), the world’s business organization, FraudNet operates under the auspices of the ICC’s London-based Commercial Crime Services unit. FraudNet has been recognized by Chambers Global as the world’s leading asset recovery legal network.