
Meet the New Socially Engineered Fraud: The CEO Scam

David Anderson is principal of David Anderson & Associates, a Philadelphia forensic accounting firm that provides a full range of fraud investigation, forensic accounting and marital dissolution services in Philadelphia and the Delaware Valley.

John Jenkins was a hardworking and loyal corporate controller for Zest Products, a mid-sized wholesale distributor of cleaning products.  So, when he received an email from Howard Robertson, the CEO – who was out of town at the time – directing him to immediately wire $40,000 to a new vendor, he unhesitatingly did so, and confirmed it in an email.  It was only after Howard returned from his trip that he questioned John’s email.  They both came to the realization John had been duped by a new type of socially engineered fraud – the CEO scam.

This past April, Anderson, a Certified Fraud Examiner in Philadelphia, wrote a blog about socially engineered frauds. In it, he discussed how these frauds are primarily perpetrated through phone calls or emails that seek to obtain passwords or other private/personal information that the scammer can use to exploit the victim. The CEO scam works in much the same way.

The CEO scammer begins by calling the company – and/or visiting its website – to obtain information about the CEO and the firm’s financial and accounting staff to discover who might have access to bank accounts.  Included in this information are the email addresses of the individuals who will be scammed.  The scammer also may call or email the CEO to determine when the CEO is out of the office. Think how many of us post an automatic “out-of-office” email response when we are away.

The scammer next “spoofs” the CEO’s email address – in the example offered above, the scammer could have used easily obtainable spoofing software to make it appear as if the email came from Howard – and sends the email request to the target, requesting an immediate wire transfer of funds.  Sometimes, the scammer will embellish the email with a discussion of how this is part of a top-secret project – such as secret negotiations to buy another company, or to sell part of the company, or for development of a new product line. This embellishment is meant to further hide the fraud. While most CEO scams are one-shot deals, some scammers may try this multiple times to see how long it might continue to work.

Here are some basic steps to help prevent your organization from being victimized by the CEO scam:

  • Make sure your CEO, other senior executives and accounting/financial staff are aware of the scam.
  • Add controls to wire transfer requests. For example, if Zest Products had a procedure requiring the controller to verbally confirm the request with Howard – by calling Howard’s cell phone, for instance – the scam would have been discovered before it could be completed. Other controls can include requiring signed requests for all wire transfers, or for those over a certain dollar amount.
  • Advise employees not to reveal the CEO’s schedule or location to unknown individuals, and never in response to an email. This means that if they do send an email response, they should do so by composing a new email message and not by just hitting “Reply.”
  • Consider adding security software to verify the actual sending address of incoming emails.
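As an added illustration of the last precaution (this example is not from the original article or any product), the Python sketch below shows the kind of header checks such software performs on a message that claims to come from the CEO. The domain zestproducts.example, the executive list, the sample messages and the presence of an Authentication-Results header written by the company's own mail gateway are all assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: Zest's mail domain and executive list (constructed).
COMPANY_DOMAIN = "zestproducts.example"
EXECUTIVES = {"howard robertson"}
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def ceo_scam_flags(raw_message):
    """Return the reasons a message should be held for call-back verification."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Trust this header only when your own gateway wrote it and strips inbound copies.
    auth = msg.get("Authentication-Results", "").lower()
    flags = []
    if display_name in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        flags.append("executive display name on an outside address")
    if from_dom == COMPANY_DOMAIN and "dmarc=pass" not in auth:
        flags.append("company domain in From without a DMARC pass")
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To points to a different domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    if flags and PAYMENT_WORDS.search(msg.get("Subject", "") + " " + body):
        flags.append("payment request: confirm by phone before sending funds")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Howard Robertson <howard@zestproducts.example>
Reply-To: howard.robertson@mail-zest.example
Subject: Urgent wire
Authentication-Results: mx.zestproducts.example; spf=fail; dmarc=fail

Please wire $40,000 to the new vendor today.
"""
LOOKALIKE = SPOOFED.replace("howard@zestproducts.example", "howard@zest-products.example") \
    .replace("spf=fail; dmarc=fail", "spf=pass; dmarc=pass")
GENUINE = LOOKALIKE.replace("zest-products", "zestproducts") \
    .replace("Reply-To: howard.robertson@mail-zest.example\n", "")

if __name__ == "__main__":
    print(ceo_scam_flags(SPOOFED), ceo_scam_flags(LOOKALIKE), ceo_scam_flags(GENUINE))
```

The look-alike message passes sender authentication for its own domain and is caught only by the display-name check, and a request sent from a genuinely compromised mailbox would raise no flag at all, which is why the phone confirmation control above still matters.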

Taking these few precautions can make your company less vulnerable to the CEO scam.

If you require the services of a Certified Fraud Examiner in Philadelphia or any other forensic accounting services in Philadelphia and the Delaware Valley, please contact the Philadelphia forensic accounting firm of David Anderson & Associates by calling David Anderson at 267-207-3597 or emailing him at david@davidandersonassociates.com.

About David Anderson & Associates

David Anderson & Associates is a Philadelphia forensic accounting firm that provides a full range of forensic accounting services in Philadelphia and the Delaware Valley.  The experienced professionals at David Anderson & Associates provide forensic accounting, business valuation, fraud investigation, fraud deterrence, litigation support, economic damage analysis, business consulting and outsourced CFO services.  Company principal David Anderson is a forensic accounting expert in Philadelphia who has more than 30 years of experience in financial and operational leadership positions and is a Certified Public Accountant, a Certified Valuation Analyst and a Certified Fraud Examiner in Philadelphia.