How to spot and prevent CEO fraud
- Check the sender email address
Hover over the email address or click on it to make sure you're seeing the actual email address of the sender and not just the email "From" or “Display” name. An email "From" name can be chosen by the fraudster - so they may set this to your CEO’s email address or name, so it appears to come from them. If you click or hover over it, the true email address will be displayed and you'll be able to see whether it's genuine.
- Question anything unusual or urgent
If the email asks for an urgent payment transfer, or help paying an overdue invoice, or, if you’re in HR, for sensitive employee data - question whether these requests usually come from your CEO or this executive.
- Verify over the phone or in person
Don’t be embarrassed to call the executive or ask in person whether they made the request, or ask your manager. If you’re unsure, it’s always better to check.
- Train up your staff
Staff awareness is key. Review your internal processes and introduce regular emails and tests to help make staff aware of fraud, and know how to spot and report it.
- Install anti-fraud software
There’s plenty of software you can use to help you assess risks and detect fraud, including alerts for risky activity on a corporate device. Having up-to-date anti-fraud software reduces the risk of cyber attack, malware, ransomware, data breaches and ultimately losing the business money.