
What is CEO fraud? How can an SME protect itself?

An e-mail from your boss lands in your inbox. It instructs you to make an urgent payment. Do you carry out the instruction unhesitatingly? Be careful: it could be a scam called CEO fraud. We show you how to minimize the threat of an attack on your SME.

8 November 2019, author: Natascha Fabian, photo: Helvetia

Huge sums lost to CEO fraud: What is behind this perfidious scam, and how can companies protect themselves?

CEO fraud, also called CEO deception, fake president fraud and fake CEO e-mail, is a hot topic at the moment. There are more and more attacks. And the loss is generally huge: one medium-sized enterprise in Switzerland suffered a loss of around 50,000 Swiss francs. Experts expect losses to run into the billions.

What is behind the term «CEO fraud»?

Fraudsters instruct the finance department on behalf of the company’s head to make a payment. The instruction is sent from either a counterfeit e-mail address or a real e-mail account that has been hacked. To put the recipient under pressure, the mail containing the instruction usually gives a reason purporting to be urgent and highly sensitive.

Preventive measures

To protect your company from CEO fraud and – if possible – to recognize it as such, raising your employees’ awareness of it is especially important. The following additional measures will help to minimize the risk of an attack:

  • Define and implement a payment approval process within your company.
  • Define factors that must trigger a separate check before payments are approved, and coordinate them with your bank or payments system. For example: payment amount, country of destination, etc.

Anyone who becomes suspicious should always contact the sender in person, ideally by telephone – and senior managers and IT security managers should be notified as soon as possible.

Cyber insurance just in case

No matter how careful you are, there is always a residual risk. In the event of fraud, a cyber insurance policy covers the costs arising from the loss. Helvetia also offers customers access to a network of experts with members including PR advisors, legal advisors and specialists in IT security and data protection.