The scam involves a series of sternly-worded emails, usually sent to a member of staff in accounts, asking for sums of money to be urgently transferred. The fraudsters use software which makes their emails seem like they come from a director of the business.
Maidstone, Kent-based Speedscreen Creative Print Solutions lost £20,000 to the scam.
Managing director Tim Hill said: “It’s very clever. I really didn’t think we would be the victim of such a scam. If I can help prevent it for one other company it’s worth shouting about.”
The fraudsters emailed a member of the accounts team at the Maidstone, Kent-based wide-format digital and screen print specialist, using HMA ‘hide my ass’ VPN software freely available on the internet. The emails looked like they were coming from Hill’s work email account.
Hill said: “It’s very cleverly done, it’s very simple. What they tend to do is try this scam on a Friday. Our accounts person thinks ‘I’ve got no paperwork’ but the email says ‘don’t ask questions, I’ll show you the paperwork later, just get it paid’.”
If not paid quickly, the fraudsters follow up with increasingly irate emails, not giving their victims time to think.
Speedscreen paid £10,000 to a legitimate Halifax bank account, and a further £10,000 to a Yorkshire Bank account two weeks later.
Hill said his “normally very cautious” employee was mortified she was taken in.
The second time she questioned the payments. She had been off work on Friday afternoon so saw a series of increasingly irate emails, seemingly from her boss, requesting a wire transfer on Monday morning. She queried the payment with Hill’s PA and tried his mobile number as he had returned that morning from the US, but his phone was off.
“She left a message, saying ‘I’m just being cautious’. I didn’t pick it up, woke up later, and heard the message. I thought I don’t know what she’s talking about but I’ll be in the office in an hour.
“Got in midday on Monday, completely jet-lagged but just too late, she said ‘Oh no! I’ve just paid another one’.”
Hill immediately contacted his bank and the second account was found and frozen, but the fraudsters had immediately transferred the money elsewhere.
“The bank said it’s happening so regularly, especially this year. It works with bigger companies than us. Someone in accounts gets this intimidating email by the CEO, they don’t want to look like they are questioning the boss. It’s very clever.
“I really didn’t think that we would be the victim of such a scam. If I can help prevent it for one other company it’s worth shouting about.”
The City of London Police’s National Fraud Intelligence Bureau said that more than £32m had been reported lost to the scam.
In a report released in February, it said there had been a marked increase in CEO fraud from July 2015 until January 2016 with a total of 994 reports being made to Action Fraud.
Companies typically lose £35,000 in the scam but officers warn that there seem to be two tiers of the fraud in operation.
One global healthcare products manufacturer lost £18.5m in a more sophisticated version in July last year, which involved a series of calls and emails to a financial controller who genuinely believed the man she was talking to was a senior member of staff. He convinced her to transfer money into three foreign bank accounts in Hong Kong, China and Tunisia.
Only around £1m has so far been recovered by victims because, by the time companies realise they have been hit, the money has been transferred to so-called 'mule' accounts.
Police say that limited companies are most at risk, with 52% of reports coming from this business type, and that a disproportionately high share of reports, 22%, has come from businesses within London.
Deputy head of Action Fraud, Steve Proffitt, said: “It is important that all businesses are made aware of this type of fraud. We encourage businesses to educate their staff about this type of fraud in order to prevent themselves from becoming the next victim.
“Employees should be encouraged to double check everything they do and never be rushed into transferring large amounts of money even if they do think that it’s an important task given to them by their CEO. An increased awareness of this type of fraud amongst businesses will no doubt make it far harder for fraudsters to succeed.”
Hill said that in retrospect there were a few telltale signs that the emails were not from him.
Firstly, the language used was more US English than UK English. Secondly, anyone replying to the email can, if they look carefully, see the original Gmail, Yahoo or Hotmail-type account used.
He added: “We’re a small company and £20,000 represents a lot of money for us. Our turnover is just over £2m.”
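The reply-address tell described above can be checked automatically on incoming mail before it reaches the accounts team. The following is an added example, not part of the original article; the domain `printco.example`, the executive name and all four sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: company mail domain, payment approvers,
# and consumer webmail domains. All sample messages below are constructed.
COMPANY_DOMAINS = {"printco.example"}
EXECUTIVES = {"jane director"}
WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}

SPOOFED = ("From: Jane Director <jane@printco.example>\n"
           "Reply-To: jane.director.office@gmail.com\n"
           "Subject: Urgent transfer\n\nGet it paid today.")
LOOKALIKE = ("From: Jane Director <jdirector77@yahoo.com>\n"
             "Subject: Urgent transfer\n\nPaperwork to follow.")
GENUINE = ("From: Jane Director <jane@printco.example>\n"
           "Subject: Board pack\n\nAttached.")
CUSTOMER = ("From: Sam Buyer <sam@gmail.com>\n"
            "Subject: Quote request\n\nHello.")


def domain_of(address):
    return address.rpartition("@")[2].lower()


def ceo_fraud_findings(raw_message):
    """Return reasons a message claiming to be internal looks spoofed."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    # A reply goes to Reply-To when present, otherwise back to From.
    reply_dom = domain_of(reply_addr) if reply_addr else from_dom
    exec_name = from_name.strip().lower() in EXECUTIVES

    # Only mail that presents itself as internal or executive is in scope.
    if from_dom not in COMPANY_DOMAINS and not exec_name:
        return []
    findings = []
    if reply_dom not in COMPANY_DOMAINS:
        kind = "webmail" if reply_dom in WEBMAIL else "external"
        findings.append(f"replies go to {kind} domain {reply_dom}")
    if exec_name and from_dom not in COMPANY_DOMAINS:
        findings.append(f"executive name on outside address {from_addr}")
    return findings


if __name__ == "__main__":
    for name in ("SPOOFED", "LOOKALIKE", "GENUINE", "CUSTOMER"):
        print(name, ceo_fraud_findings(globals()[name]))
```

A non-empty result is a reason to hold the message and confirm the request through a second point of contact, not proof of fraud on its own.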
Action Fraud recommendations:
- Ensure all staff, not just finance teams, know about this fraud.
- Have a system in place which allows staff to properly verify contact from their CEO or senior members of staff; for example having two points of contact so that the staff can check that the instruction which they have received from their CEO is legitimate.
- Always review financial transactions to check for inconsistencies/errors, such as a misspelt company name.
- Consider what information is publicly available about the business and whether it needs to be public.
- Ensure computer systems are secure and that antivirus software is up to date.
To report a fraud, call Action Fraud on 0300 123 2040 or use its online fraud reporting tool.