Would your boss e-mail you to purchase gift cards? It may be a fraud!
A clerical employee of a government agency in North Vancouver assumed the e-mail instruction request from her supervisor to be credible when he asked her to go out and purchase $500 in itunes cards. In the e-mail the supervisor claimed he was in a lengthy meeting, too busy to do this himself, and for her to forward the itunes card details back to him. The victim became suspicious when that transaction was successfully completed and then she received a second request for another $500 as the need was urgent! Unfortunately, the incident, which occurred on September 15, 2018, was a scam, known as a CEO Scam.
In a typical CEO Scam” fraudsters gain access to the e-mail account of an executive or supervisor and target employees who have the authority to access and move money. Fraudsters send realistic-looking e-mails, requesting urgent wire transfers or gift card purchases for what appear to be legitimate business or personal reasons, such as securing an important contract”, or a confidential transaction. They often send the targeted fraudulent e-mail when executives are travelling (accessing public Wi-fi) or are otherwise difficult to reach.
Believing that the request is real, the employee transfers the money— only to find out upon the boss’s return or through other correspondence that the e-mail was a scam and the money is gone.
Losses to this type of scam can range from hundreds to tens of thousands of dollars. The fake CEO Scam is a growing threat to businesses and organizations of all sizes. Here are tips to protect yourself and your business:
• Ensure your computer systems are secure, keep antivirus software up to date, and encourage all employees to use strong passwords to protect their email accounts from hackers.
• Take a careful look at the sender’s e-mail address. It may be very similar to the real one, with only one or two letters being different. • Double-check with executives when they send wire transfer requests by e-mail, even when they look legitimate. Don’t use the contact information provided in the message and don’t reply to the e-mail.
• Establish a standard process that requires multiple approvals for money transfers.
• Limit the amount of employee information available online and on social media. Fraudsters use it to find potential victims and time their targeted fraud.