What to Do When The Smartest Guy In The Room Is A Criminal
Everybody loves a good story about an arrogant CEO-type who gets what’s coming to them. The list of movies with this popular storyline are too numerous to mention here (actually I’m too lazy right now to do the boring research for this one little factoid). When you become a CEO, man or woman, many people think wrongly that you’re the ‘smartest one in the room’.
Yeah…right. Not anymore.
CEO Fraud – It’s Not Just For Breakfast Anymore
In a recent FBI press release, some very troubling statistics were divulged. Very troubling indeed. It seems the criminals are becoming the real smart ones to the tune of 2.3 billion dollars since October of 2013. Yes – Billion with a capital frickin’ B. Since then until February of this year there have been 17,642 victims from all 50 states and 79 countries.
Since January of 2015, there has also been a 270% increase in the number of smart guys victimized and dollar loss. Wow! That means the average…just the average…loss is north of $130,000. And all it takes is an email? Do tell – how does it work.
How CEO Fraud Works
- Write email to unsuspecting person responsible for wire transfers or finances.
- Tell same unsuspecting person to send money by pretending to be the CEO.
- Collect money.
Really – it’s just about that simple. According to the FBI:
The main scheme is known as the business e-mail compromise scheme, or B.E.C. The scheme is also known as “CEO fraud” or the “man in the middle” scheme. B.E.C. is defined as a fraud targeting businesses that regularly perform wire transfer payments. The scam is carried out when perpetrators compromise e-mail accounts through social engineering or through computer intrusion techniques to fraudulently direct electronic fund transfers.
There is no profile for victim businesses. Victims range from large corporations to tech companies, to small businesses, to non-profit organizations. The schemers conduct research to learn about the employees in a company who manage the money, as well as the protocol necessary to perform wire transfers within that business environment. In some cases, information is obtained through a phishing scheme. In others, businesses may be victims of ransomware or other cyber intrusion prior to the B.E.C attack.
That was simple. No muss. No fuss. And a minimum amount of bloodshed…virtually speaking.
How To Stop CEO Fraud
“Hello? Mr. CEO?”
“Yes – that’s me. Hrrumph. Hrrumph.”
“Did you authorize $15 million dollars to be transferred to Bob’s Corner Bank and Bakery in Malaysia?
“Thank you. Will I get a bonus this year with all the money we just saved by switching to GEICO?”
“Hrrumph…but of course.”
Obviously there are also technical measures, like positive ACH controls. Also called Positive Pay. I think it’s more fun to call the grumpy CEO and save them a few million dollars.
What do you think?