Sunday 25 September 2016

PLC and large charity hit with 'CEO fraud' attempts

Published 15/05/2016 | 02:30

In March, QBE, which insures around one in 10 law firms in the UK, said its data showed that around £85m (€108m) had been stolen across the legal market in the past 18 months.
In March, QBE, which insures around one in 10 law firms in the UK, said its data showed that around £85m (€108m) had been stolen across the legal market in the past 18 months.

An Irish PLC, a large charity and several law firms have been hit with malicious "CEO fraud" attempts in recent months, the Sunday Independent understands.

  • Go To

CEO fraud, also known as "bogus boss" fraud, is a sophisticated criminal attack on a company whereby someone attempts to impersonate its chief executive or chief financial officer.

"Over the past six months we have seen a dramatic increase in frantic calls from worried executives," said IT consultant Richard Greenane.

"CEO fraud starts with an email that appears to be from the boss of a company to a member of the finance department, asking them to make a transfer.

"Once the finance person replies, the emailer employs confidence tricks to get them to transfer a large sum of money into another bank account. It is simple but very effective," said Greenane.

"They might tell the finance department to expect a call from someone with details of the transaction. Of course the call is bogus too."

"Emails are very thoroughly researched and the fraudsters always seem to know a huge amount about the company and its employees.

"But this information can usually be easily obtained from Facebook or LinkedIn accounts or from the company's own website.

"Often the emails are sent when the boss is away on holiday, when staff are reluctant to telephone them to double check."

The Irish PLC, charity and law firms subject to CEO fraud attacks in recent months did not incur losses as their true nature was spotted before any transfer was made.

But companies in other parts of the world have not been so lucky.

Last autumn, California telecoms equipment company Ubiquiti Networks disclosed it had lost $46.7m through such a scam in its fourth quarter financial filing.

"On June 5, 2015, the company determined that it had been the victim of a criminal fraud," Ubiquity said.

"The incident involved employee impersonation and fraudulent requests from an outside entity targeting the company's finance department.

"This fraud resulted in transfers of funds aggregating $46.7m held by a company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties."

Most of the funds were not recovered.

In March, QBE, which insures around one in 10 law firms in the UK, said its data showed that around £85m (€108m) had been stolen across the legal market in the past 18 months.

The hackers tended to strike on Fridays when many housing deals are completed and solicitors moved their clients' money.

At home, gardai are also dealing with a marked increase in invoice redirection frauds perpetrated by criminals scraping data from open source websites such as the Companies Registration Office, professional registers that publicly record the details of accountants and auditors as well as material gleaned from social media platforms including LinkedIn, Twitter and Facebook.

Under the invoice redirect schemes, businesses and small suppliers - including sole traders - fall prey to requests, purporting to emanate from trusted suppliers or service providers into believing that a beneficiary's bank account details have been changed.

Sunday Indo Business

Read More

Promoted articles

Editors Choice

Also in Business