Transfer a sum of €984,100 to a foreign account on behalf of the CEO? Exactly such a request was made to an accountant at Ritter Sport in May 2017. The incident was prevented by the quick and correct action of the employee: the e-mail from his alleged boss seemed strange to him because it used a different spelling than usual. He called the CEO, Andreas Ronken, and asked about the transfer he was supposed to make. Ronken had never sent such an e-mail. The police were called in, and a few days later the fraudsters were arrested in Tel Aviv (full article here, German only).
First, the attackers gather information about the company. Social networks such as LinkedIn are especially useful to them, because employees can be found there together with their roles; further details are easy to find on the company website. The perpetrators then send an e-mail from a domain that closely resembles the genuine sender's and so impersonate the CEO; the spelling habits and internal details they have gathered are often worked into the message to deceive the recipient. The employee is instructed to transfer money to a foreign account, after which the fraudsters break off contact. The money is usually laundered through Asian banks and is then lost.
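One way a mail gateway or mail-client add-in can perform the kind of spelling check that tipped off the Ritter Sport accountant is to normalise the sender's domain and compare it with the organisation's own domains, and to flag an executive's name in the display name when the address is external. The following Python script is an added example, not code from this page or from Frama; the trusted domain, the executive name list, the confusable table and the sample From: headers are all constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Domains the organisation legitimately sends mail from. Constructed for this example;
# a real deployment would load the list from the mail gateway's configuration.
TRUSTED_DOMAINS = {"ritter-sport.example"}

# Executives whose names attackers are most likely to put in the display name.
# Constructed placeholder list.
EXECUTIVE_NAMES = {"andreas ronken"}

# Digits that are routinely swapped for the letters they resemble, and letter pairs
# that render like a single letter. Deliberately partial; extend from Unicode TR39.
SINGLE_CHAR_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
MULTI_CHAR_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(domain: str) -> str:
    """Collapse confusable spellings of a domain onto one canonical string:
    lowercase, strip diacritics, then map digits and letter pairs to the
    letters they imitate. Comparing skeletons catches 'ritter-sp0rt' vs 'ritter-sport'."""
    domain = domain.lower().strip()
    decomposed = unicodedata.normalize("NFKD", domain)
    domain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    domain = domain.translate(SINGLE_CHAR_CONFUSABLES)
    for pair, single in MULTI_CHAR_CONFUSABLES:
        domain = domain.replace(pair, single)
    return domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; one edit covers a dropped or doubled letter."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def classify_sender(from_header: str) -> tuple:
    """Classify the value of an RFC 5322 From: header.

    Returns (verdict, domain) where verdict is one of
    'trusted', 'lookalike_domain', 'display_name_impersonation', 'external'."""
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[1].lower() if "@" in address else ""
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    candidate = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        reference = skeleton(trusted)
        # Identical skeleton, or a single edit away from it, is a look-alike domain.
        if candidate == reference or levenshtein(candidate, reference) <= 1:
            return "lookalike_domain", domain
    # Unrelated domain but an executive's name in the display name: still suspicious.
    if display_name.strip().lower() in EXECUTIVE_NAMES:
        return "display_name_impersonation", domain
    return "external", domain


# Constructed From: headers illustrating each verdict.
SAMPLE_HEADERS = [
    "Andreas Ronken <a.ronken@ritter-sport.example>",
    "Andreas Ronken <a.ronken@ritter-sp0rt.example>",
    "Andreas Ronken <a.ronken@riter-sport.example>",
    "Andreas Ronken <ceo@rittersport-payments.example>",
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, domain = classify_sender(header)
        print(f"{verdict:28} {header}")
```

The check deliberately compares skeletons rather than raw strings, so a digit or an accented letter substituted for the original character is caught even though the raw domains differ; the single-edit tolerance catches a dropped or doubled letter. Anything flagged as a look-alike or display-name impersonation is a candidate for the kind of warning pop-up described later on the page, and a prompt to verify the request by telephone, as the Ritter Sport employee did.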
CEO fraud is also referred to as Friday Afternoon Fraud, because the attacks are often carried out on Friday afternoons. The reason: the transaction then goes unnoticed until the following Monday.
Human errors can occur for a variety of reasons: ignorance, skipped work steps or misinterpretations. Stressful situations, for example, can lead to wrong actions. The fraudsters want the transfer to take place as quickly as possible, which in turn puts the employee concerned under pressure.
The Swiss Reporting and Analysis Centre for Information Security MELANI recommends not divulging any information in response to strange contact attempts, even if the sender puts you under pressure. Companies should also check which information about them can be found online. MELANI further suggests introducing defined processes and following them strictly, for example a four-eye principle with collective signature for money transfers. More information here.
Using Frama RMail is also helpful. Besides functions such as e-mail encryption, electronic signatures and the simple sending of large files, it includes protection against such attacks: RMail checks the structure of incoming e-mails with advanced algorithms and warns employees via pop-ups to exercise caution in cases such as CEO fraud. More information about RMail can be found here.