A Real exali Damage Event: Fake CEO Steals More Than 3,000 Euros
When the CEO gives an instruction and time is of the essence, as an employee you don’t dig deeper, do you? An employee at a software company was also confronted with this question. His alleged manager instructed him to buy gift cards and demanded that the employee provide him with the codes. The employee complied with the instructions, and that’s when the disaster took its course...
The Fake President Trick: When The Boss Really Isn’t The Boss
The so-called fake president trick or fake president fraud isn’t new: Cybercriminals pose as CEOs, bosses or supervisors and ask employees to buy gift cards or the like and then pass the codes directly on to them (e.g. via email or WhatsApp). The scammers rely on the good faith of the employees, because who questions orders from their boss? This is exactly what happened in this real damage event, in which the employee of an app developer insured by exali fell for the fake president trick.
The employee received an email from the supposed CEO, in which the CEO asked for the employee’s private cell phone number. In a WhatsApp chat, with the boss’s profile picture, the fake manager said that he was in a conference and urgently needed some digital gift cards. He told the employee to go to an electronics retailer right away to buy them. When the employee asked critical questions, the caller increased the pressure on the employee to quickly comply with the instructions.
Voucher Codes Worth 3,000 Euros Stolen
Despite concerns, the employee ended up buying vouchers and gift cards worth more than 3,000 euros at various shops. As requested, he took the cards out of the packaging, photographed the codes and sent the pictures to his supposed manager via WhatsApp. The fake manager always dismissed any concerns that arose, arguing that in a flat corporate hierarchy it was common to quickly pay for something with a private credit card and have the money reimbursed later by the company. By the time the real boss found out about the story, the damage was of course already done.
Last Resort: Professional Indemnity Insurance for Digital Professions
Fortunately, the app developer reported the damage to exali’s insurance professionals. They forwarded the case to the insurer, who, after a thorough examination, decided to assume a large part of the financial damage incurred, almost 3,000 euros, as part of the company’s Professional Indemnity Insurance. No one would deny that the financial damage arose here because the company's employee fell victim to a scam. But who is responsible here? Only the scammer? Or also the employee?
Security For Your Business – Even When Employees Become A Risk
The conditions of the Professional Indemnity Insurance for Digital Professions via exali take a clear position on this. According to the wording of the basic insurance coverage, policyholders are protected against financial losses caused by fraud by third parties with the intention of unlawfully enriching themselves. This also includes the so-called fake president trick used here. This insurance protection also applies if co-insured parties (here: an employee) fall victim to fraudulent misrepresentation. The insurer will reimburse the amount of money necessary to restore the situation that would have existed without the fraud.
Social Engineering: When People Become A Risk
Social engineering scams like the fake president trick rely on targeted manipulation of people. The attackers exploit the trust or fears (e.g. trouble with the boss) of their targets in order to obtain sensitive information or circumvent security mechanisms.
Fake President Trick: Here Is How To Protect Yourself And Your Employees
The scams used by fraudsters are becoming more and more perfidious. And as the fake president trick impressively shows, they mostly rely on human error. That’s why it’s important for entrepreneurs in particular to keep up to date with the latest scams being used by cybercriminals and to inform employees about them. In general, a fake president attack can be recognised by the following signs:
- The email doesn’t contain a signature or it is altered in some way.
- The salutation, the content or the greeting used in the email deviate from the usual language used by the supervisor.
- Employees are suddenly addressed informally, when they are usually addressed with formal language.
- Calls are made from a blocked number.
- Requests to transfer money are not from the immediate supervisor, but from senior management (possibly even from subsidiaries or other locations of the company).
- Unusually large sums are to be transferred.
- The employee is spontaneously asked to buy or load vouchers or gift cards and send the codes directly to the alleged boss.
- The boss reacts to critical questions with irritation or threats.
Excellent Protection Even In The Event Of Human Error With A Professional Indemnity Insurance
Ideally, you have long since established fixed processes for handling payment orders and adhere to a multiple-eyes principle, under which more than one person must check and approve a payment, to protect yourself from the fake president trick. But if an attacker should manage to circumvent all your precautions, you’re covered by the Professional Indemnity Insurance through exali – even if third parties try to rip off your company.
Vivien Gebhardt is an online editor at exali. She creates content on topics that are of interest to self-employed people, freelancers and entrepreneurs. Her specialties are risks in e-commerce, legal topics and claims that have happened to exali insured freelancers.
She has been a freelance copywriter herself since 2021 and therefore knows from experience what the target group is concerned about.