CEO fraud - A scary and costly trend
The world we live in today seems like a smaller place, with email, social media, and texting making staying in contact a much simpler task. With the ability to stay in contact via online vehicles, we can also open ourselves up to the downside of this wide array of technology.
Identity theft and cyber scams seem to run hand in hand with technology as hackers are constantly evolving in their efforts to access our personal information to fraudulently pad their wallets. If you have any presence online, you are at risk of becoming a victim of fraudulent scams.
What is CEO fraud and what could CEO Fraud cost your company?
"CEO fraud" or "masquerading" is one type of scam that has become more and more prevalent. In this "business email compromise scam," the fraudster gains access to a company's email accounts to learn the roles of individuals within the company and the communication styles of the executives. The fraudster sends an email that appears to be authentic to an individual within the company who is authorized to make wire transfers, usually the CFO, controller, accounting manager, or even bookkeeper, depending on the size of the company. The email appears to come from an owner, president, CEO, or other senior-level executive and is written in their writing style, using similar salutations and punctuation. The email instructs the authorized employee to initiate a wire transfer, using the wire instructions provided, with the funds usually being wired to a foreign bank account. The email may also indicate that the request is "urgent" or "confidential" in hopes of getting the funds transferred quickly and quietly.
These scams are typically for larger dollar amounts and have occurred in every state and in 80 countries worldwide. The FBI indicates that the business email compromise scam has cost companies over $2 billion in the last three years with an average loss between $25,000 and $75,000.
How do you protect your company from this type of financial fraud?
The following are a few recommendations for strengthening internal controls over wire transfers or ACH payments:
• Restrict the ability of a single individual to initiate and authorize wire transfers by limiting authorization with the bank to a list of recurring approved vendors or payees.
• For nonrecurring wire transfers or ACH payments to vendors or payees:
• Restrict the amount or require additional verification and authorization for wire transfers over a certain amount.
• Require a written purchase order with signatures of the requester and approver.
• Prohibit email communications as a form of authorization for payment.
• Require a second layer of verification with the requester, either by phone or face to face.
• Add the requirement of a second approver on the bank website.
• Inquire with your insurance broker whether this type of fraud loss is covered under existing policies. If not, consider adding a policy or rider to further protect the company from loss.
• Inquire with your banker how to protect bank accounts from banking and cyber theft.
It is important to communicate the threat of fraudulent scams to your employees. By sharing CEO fraud and other scam stories, you will raise awareness within your organization and help reduce the risk of becoming a victim of fraud.
• John Poulopoulos is a CPA at Skokie-based Michael Silver & Company at (847) 982-0333.