CEO/Supplier Fraud

Date 27 jul. 2016
Download PDF version PDF

 

So-called CEO/Supplier Fraud is an increasing problem abroad as well in Denmark and the fraudsters are continually becoming more competent.

In the case of CEO Fraud the fraudsters pretend to be the CEO or chief accountant of the company requesting the employees by email to transfer large amounts of money to foreign bank accounts.

The fraudsters hack into the companies’ systems so that the contact to the employees occurs as a response to existing internal email correspondences. Further, there are cases of internal codes and/or group-specific wording being used in the requests so that no suspicion is raised with the employee that the transfer request is not coming from the actual CEO/manager. Most often it is indicated in the requests that it is a particularly confidential transaction of urgency and that the transfer therefore must be carried through the same day or the next at the latest.

In Denmark for instance, two employees in two companies have been deceived into carrying through transfers of up to respectively DKK 100 million and 140 million.

We are also seeing an increase in the number of cases where fraudsters pretend to be the supplier of the company indicating new payment instructions on invoices already issued or attached invoices. In these cases the fraudsters also hack into the company’s IT system where they gain access to client lists and previously paid invoices which enables them to falsify invoices and inquiries so that they appear to be identical with and as being issued by the company’s existing suppliers.

 

According to FBI statistics, more than USD 3 billion in losses due to email fraud has been reported in the past 3 years from 100 countries. From January 2015 to June 2016, an increase of 1,300% in losses due to such fraud has been registered. While the transactions are carried through to banks in 79 different countries, the majority has taken place to banks in China and Hong Kong.  

 

In Denmark the Public Prosecutor for Serious Economic Crime (“SØIK”) has, in line with the FBI in the US, issued guidelines for the purpose of preventing CEO Fraud/email fraud which can be summarized as follows:

  • All employees, not just in the accountant department, must know about CEO Fraud.
  • The company must update its procedures on large transfers. The company may consider whether it has the appropriate maximum amount limits, whether the correct persons have access to transfer money and whether one person alone is allowed to transfer money. FBI specifically recommends that larger transfers should always require authorization by more than one person.
  • Everyone must be specifically alert when receiving requests for electronic transfers – especially those indicating urgency.
  • The company must make it possible to have the contact confirmed with the CEO/manager – e.g. by a follow-up phone call. Fraudsters often take advantage of periods when the CEO/manager is unavailable, e.g. when they are on holiday.
  • The company must check any foreign requests for transactions for faults and deficiencies such as misspelling of company names and addresses. Fraudsters often use businesses that are either relatively newly established or fictive, and an online search can raise suspicion of fraud.

Moalem Weitemeyer Bendtsen provides advice regarding IT crime and fraud against businesses, including internal due diligence, preparation of procedures to prevent email fraud, related employment disputes, action for damages etc.

 

 

If you have any question or would like additional information regarding the content of the above, please feel free to contact Partner Signe Renée West (srw@mwblaw.dk) or Partner Pernille Nørkær (pno@mwblaw.dk).

 

The above does not constitute legal counselling and Moalem Weitemeyer Bendtsen does not warrant the accuracy of the information. With the above text, Moalem Weitemeyer Bendtsen has not assumes responsibility of any kind as a consequence of any reader’s use of the above as a basis for decision or considerations.