Your business administrator or accounting staff receive an email from the Chief Executive, the Accounts Manager or a company Director asking for funds to be transferred immediately.
Maybe this is common practice in your company and you have procedures to make this safe, but otherwise it could well be a scam.
How the Scam Works
- The scammer needs to know the name and email address of the Chief Executive. This is commonly available on the company website, Companies House records, press releases etc.
- Next, the scammer needs to know the email address of someone in accounts at the company. They may phone and ask who to send bills to by email or again the information may well be on the company website. Sometimes they look for contact details for the Accounts boss.
- Now they can send in an email addressed to the person in accounts and try to make it look as if it came from the CEO. The email will ask for money to be transferred to a new account and it must be done urgently.
- If the company is unsuspecting then they may transfer the money as requested and only find out later that it was a scam.
- The scammer will try to make the message look as if it’s from the boss. Sometimes this is sophisticated spoofing, so the message really does appear to come from the boss’s email address, but usually the scammers aren’t that clever and simply put the boss’s name as the sender name.
- So the email will show something like From: Fred Bloggs (email@example.com), where Fred Bloggs is the name of the boss and email@example.com is the actual email address.
- The money is transferred as instructed but it goes to the scammer.
This scam has been widely publicised as some companies have lost a lot of money this way. But hopefully all companies now check on any such transfer rather than blindly following the email instruction.
Sometimes these scam messages are easy to spot.
For example, a recent one addressed to fsmith@… looked valid, but the email started with “Dear Fsmith”, which gave the game away that it was computer generated and hence fake.
Another one contained the line “We need you to send £41,000 to a beneficiary today”.
The scammer uses words such as “beneficiary” to try to make it fit any circumstance but in practice this has the opposite effect as no commercial business calls its suppliers “beneficiaries”.
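Two of the giveaways described above can be checked automatically by a mail filter: a boss's name on an address the boss does not use, and a greeting built from the recipient's mailbox name. The following is an added example, not part of the original post; the `EXECUTIVES` directory, the `corp.example` addresses and the sample messages are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed directory: executive name -> addresses that person really uses.
EXECUTIVES = {"Fred Bloggs": {"fred.bloggs@corp.example"}}


def _tokens(name):
    """Lowercased word set, so 'Bloggs, Fred' and 'FRED  BLOGGS' compare equal."""
    return frozenset(re.findall(r"[a-z]+", name.lower()))


def check_message(from_header, to_header, body, executives=EXECUTIVES):
    """Return a list of warnings for one message (empty list = nothing found)."""
    warnings = []
    display, sender = parseaddr(from_header)
    sender = sender.lower()

    # Giveaway 1: the sender name is an executive, the address is not theirs.
    for exec_name, real_addrs in executives.items():
        if _tokens(display) == _tokens(exec_name) and sender not in real_addrs:
            warnings.append(f"display name '{exec_name}' but sent from {sender}")

    # Giveaway 2: greeting generated from the mailbox name, e.g. 'Dear Fsmith'.
    _, recipient = parseaddr(to_header)
    local = recipient.split("@")[0].lower()
    greeting = re.match(r"\s*dear\s+([^\s,]+)", body, re.IGNORECASE)
    if local and greeting and greeting.group(1).lower() == local:
        warnings.append(f"greeting reuses mailbox name '{local}'")
    return warnings


if __name__ == "__main__":
    # Constructed sample modelled on the messages quoted in the post.
    fake = check_message(
        "Fred Bloggs <email@example.com>",
        "fsmith@corp.example",
        "Dear Fsmith,\nWe need you to send £41,000 to a beneficiary today.",
    )
    for line in fake:
        print("WARNING:", line)
```

A message that trips either check should go to a person for confirmation by phone or in person before any money moves.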
Most companies have a standard email format, e.g. [firstname]_[lastname]@… or [initial][surname]@…, which can make it easier for scammers to guess email addresses once they know a few for the company.
Don’t make it easy for scammers and do have procedures in place to prevent this kind of scam.