Scammers using CEO addresses to rip off companies

Scammers are reportedly claiming to be corporate CEOs in email scams designed to steal up to hundreds of thousands of dollars from targeted companies.

Scammers misrepresenting themselves as corporate CEOs are sending fake emails to the CFOs of targeted companies. These emails request that up to hundreds of thousands of dollars be transferred urgently from targeted businesses to apparently legitimate bank accounts held by third-party individuals. However, these bank accounts may have been established using the details of people who have been victims of identity theft.

Businesses are advised to be suspicious of unexpected, urgent demands for large sums of money by any person – including CEOs and other senior leaders. You should always verify these requests directly with the person involved, and follow all governance and due diligence processes.

CERT Australia provides the following advice:

  • Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
  • Alert employees to be vigilant with regard to these incidents, especially those conducting or authorising wire transfers or similar financial instruments.
  • Do not reply to the email.
  • Implement Sender Policy Framework (SPF) checking on inbound mail to detect and prevent sender address forgery.
  • Review network logs for evidence of the indicators provided in this Alert.
  • Configure mail servers and mail scanners to block and remove emails with the indicators provided in this Alert.
  • Report identified activity to CERT Australia.
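As an added illustration of the SPF check recommended above (example code, not from CERT Australia or this alert), the following minimal evaluator applies a domain's published SPF policy to the host that delivered a message, so a mail whose envelope sender claims the company's domain but arrives from an unauthorised host is classified as a fail rather than trusted. The domains, IP addresses and TXT records are constructed for the example; a real deployment resolves the TXT records through DNS.

```python
import ipaddress

# Constructed DNS answers (domain -> published SPF TXT record); this added
# example is not from the alert, and a real check resolves TXT via DNS.
DNS_TXT = {
    "example-corp.test": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.test -all",
    "_spf.mailprovider.test": "v=spf1 ip4:198.51.100.10 ip4:198.51.100.11 ~all",
    # "no-spf.test" publishes no record: SPF cannot detect forgery of it.
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, dns=DNS_TXT, depth=0):
    """Evaluate domain's SPF policy (RFC 7208) for the connecting client_ip.

    Handles ip4/ip6, include and all with every qualifier; the a, mx, ptr
    and exists mechanisms are skipped here because they need live DNS."""
    if depth > 10:                       # RFC 7208 caps include recursion
        return "permerror"
    terms = dns.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                    # no policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                  # unqualified mechanism means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            inner = check_spf(term[8:], client_ip, dns, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"       # broken include target (RFC 7208 s5.2)
    return "neutral"                     # nothing matched and no 'all' term


def check_envelope_sender(mail_from, client_ip, dns=DNS_TXT):
    """Check the SMTP MAIL FROM domain; return (spf_result, suggested_action).

    The action map is an example receiving policy: hard fails are rejected and
    anything SPF cannot vouch for is flagged so out-of-band verification happens."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    result = check_spf(domain, client_ip, dns)
    action = {"pass": "accept", "fail": "reject"}.get(result, "flag for verification")
    return result, action
```

Note that SPF only covers the envelope sender: a message whose visible From header shows the CEO's name over an unrelated, correctly authorised domain still passes, which is why the verbal verification step above remains necessary.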

If a company has been defrauded as a consequence of these emails, report the matter to local police for investigation and escalation as appropriate.