Neighbourhood Watch Warns of CEO Fraud
As part of CSS’s commitment to all matters of security, we take a keen interest in initiatives carried out and supported by Neighbourhood Watch Scotland.
The National Fraud Intelligence Bureau (NFIB) has issued some guidelines for online security following recent cases of CEO Fraud targeted at schools.
What is CEO Fraud?
CEO Fraud is when an organisation is contacted by a fraudster via email. In the cases targeting schools, the email address used was a spoof email address, one similar to the school Principal’s email address. The member of staff responsible for financial transactions is sent an email from the spoof email address. In the spoof email, the member of staff is asked to make an urgent bank transfer, often for thousands of pounds. Because the member of staff thinks the email is from the Principal or someone in a position of authority in their organisation, they make the transfer. Of course, the money is transferred into the fraudster’s account.
Whilst the targeting of schools prompted this advice, any organisation is susceptible to CEO Fraud. Many businesses throughout the country have already experienced it and have suffered losses of thousands of pounds.
How to Prevent CEO Fraud
NFIB’s advice to try to prevent CEO Fraud is as follows:
- Ensure that your organisation has robust processes for verifying and corroborating requests for financial transactions. This should include contacting the person you think the recipient is, using a method other than email (e.g. phone or face-to-face), to confirm the request is legitimate.
- All staff should be made aware of CEO Fraud and the prevention processes.
- Always make sure that any sensitive and/or personal information you hold about individuals and organisations is held securely. If it isn’t, you run the risk of it being accessed by fraudsters. Shred all confidential documents.
- Don’t open any emails that look suspicious. If you do, don’t click any links contained in the email or download any attachments.
If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visiting the Action Fraud website.