What does senior manager fraud look like?

This type of fraud happens when criminals impersonate senior staff members within a company (such as the CEO or Managing Directors). They’ll contact employees to try and trick them into revealing sensitive information or make payments to an account managed by the fraudster. This is often done via company email in an attempt to look legitimate, but criminals may contact employees via telephone, social media or SMS too.

[Image: a smartphone displaying a message which says, "Hi Karen, are you in the office? I need you to get some information for me urgently."]
Caption: Fraudsters might send messages via text (SMS) or social media, pretending to be a colleague.

For example, they may target employees in the finance department, claiming to need an urgent payment for a supplier, service or product, and then coach the employee into making the payment to bank account details which they provide. They’ll often stress that it’s very urgent, to try and panic the employee into acting without double-checking.

But it’s not just the finance department at risk: criminals could target anyone within a company, asking for confidential or sensitive information. Under the guise of a manager, they might ask employees for the personal contact details of people within the business, or for details of how the business works. They could also send a classic phishing email asking the employee to click on a link which takes them to a malicious website, or to open an attachment that installs malware.

And it’s not just senior managers and CEOs…

…criminals can impersonate other employees from within an organisation and ask a colleague for help. For example, they may target HR or payroll staff pretending to be a colleague and ask for their salary to be paid to a new account.

Fraudsters may also hack into company email addresses of suppliers or customers so they can send an email from a genuine company email address. From here, they could ask for company information or for an invoice to be paid to a different bank account.

What employees need to watch out for

  • Be suspicious of emails coming from outside the organisation’s email domain. If a message claims to be from a colleague but uses a private email address or a non-work telephone number, employees should query this internally.
  • Criminals may also set up personal email addresses in the name of a senior staff member. Hover over or click on the sender’s name to make sure you're seeing the actual email address of the sender, and not just the email "From" or “Display” name, which the sender can set to anything they like.
  • Criminals can also imitate senior staff members by hacking into company email accounts. Don’t assume that an email is genuine just because it’s coming from their email – question anything unusual or urgent internally.
  • Be suspicious of a request for a payment to be made to a new bank account – employees should be extra vigilant in case it’s actually a bank account controlled by a fraudster.
  • Messages that arrive while the manager is out of the office. Sometimes criminals time their messages this way deliberately, so employees can’t check with the manager in person.
  • Unusual requests for gift cards. Criminals claiming to be team leaders may ask for employees to purchase these to ‘reward’ team members, telling them that they can claim the money back. Fraudsters often ask for these as it seems like an innocent request, but gift cards can easily be sold for cash online.

How to stop fraud in the workplace


…tips for employees

  • Stop and think - Usually the request sounds urgent to panic employees into acting without thinking. Remember to go through all the usual checks and balances.
  • Verify the person another way - Don’t be embarrassed to call the person sending the request or ask in person whether they made the request, or ask your manager. If you’re unsure, it’s always better to check.
  • Report the suspicious message to the information security team – most email platforms have a ‘report suspicious email’ button which flags the message and blocks the sender. Employees should also report any other unusual contact that’s not on work channels (e.g. via SMS or social media).

…tips for businesses

  • Educate your employees on common scams when they join the business, with regular refreshers and reminders of what to look out for. Promote a culture where employees feel safe to check and flag suspicious requests.
  • You could set up a process to verify that senior manager requests for payments are legitimate. For example, employees could get confirmation over the phone or face-to-face/video as well as from a secondary channel such as a verified work email address.
  • Businesses should remain vigilant and be aware of technology used by fraudsters which allows genuine voices and faces to be replicated, and ensure they have robust safeguards against deepfake-related fraud.
  • Have a robust due diligence process in place to verify payment details, including change of account details for existing employees and contractors.
  • Always check the originating email address and have a company security policy in place that warns when emails come from an external source.
  • When a fraud takes place in a work setting, consider the impact it may have had on the employee. Falling victim to fraud can be upsetting, so take the time to check up on the employee’s wellbeing and offer support.
  • Fraudsters might use the information in a manager’s ‘out of office’ reply to learn when they are away and who to contact instead. You could suggest that your employees don’t include this information in replies sent to external addresses.
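The two checks above that can be automated (flagging mail from outside the organisation, and checking that a sender’s display name matches the real address on file) are shown below as an added example; this is illustrative code, not a tool from the original article, and the company domain, staff directory and sample messages are all constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values: the organisation's own domain and a directory of senior
# staff whose names a fraudster might borrow (hypothetical).
COMPANY_DOMAIN = "example.com"
SENIOR_STAFF = {
    "jane smith": "jane.smith@example.com",
    "tom brown": "tom.brown@example.com",
}


def check_sender(raw_message):
    """Return a list of warnings for the From header of one raw email.

    Check 1: warn when the real sender address is outside the company domain.
    Check 2: warn when the display name matches a senior staff member but the
             address is not that person's directory address.
    Check 3: warn when the display name itself looks like an email address,
             a common trick to make a webmail account read as a work address.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    warnings = []

    if domain != COMPANY_DOMAIN:
        warnings.append(f"EXTERNAL: {address!r} is outside {COMPANY_DOMAIN}")

    expected = SENIOR_STAFF.get(display_name.strip().lower())
    if expected and expected != address:
        warnings.append(f"IMPERSONATION: name {display_name!r} but address "
                        f"{address!r}, directory says {expected!r}")

    if "@" in display_name:
        warnings.append(f"DISPLAY-NAME-ADDRESS: {display_name!r}")
    return warnings


# Constructed sample messages (header block, blank line, body).
SAMPLES = {
    "genuine": "From: Jane Smith <jane.smith@example.com>\n\nHi, quick question.\n",
    "spoofed_name": "From: Jane Smith <jane.smith.ceo@webmail.test>\n\nAre you in?\n",
    "address_in_name": ('From: "jane.smith@example.com" <acct@webmail.test>\n\n'
                        "Urgent payment needed.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw) or ["ok"])
```

Run as a script it prints the warnings for each constructed sample; in practice the same function would sit in a mail-filtering rule that prepends an external-sender banner to the message.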