The Fake President Trick: When Scammers Pretend to Be the CEO
“Hi, it’s me, the CEO. Can you transfer 4,000 euros to me quickly.” That may sound absurd, but it’s actually a popular scam used by cybercriminals: the so-called fake president trick or CEO fraud. The basic idea is similar to the well-known “grandchild trick”, but here the criminals pretend to be superiors in the company. Despite a great deal of media attention, companies keep falling for the trick – even Facebook, Twitter and Google have been affected. Just like an exali customer in this recent damage event from Tallinn...
When the CEO Needs Gift Cards: A Real Exali Damage Event
In this real case, the CEO of a start-up from Tallinn in the software industry contacted our customer service because one of his employees had fallen for the fake president trick. What happened? One day, an employee at the start-up received an email from his CEO asking him for an unusual favour: He urgently needed Google Play Store gift cards worth 1,500 euros and couldn’t get them himself at the moment.
The employee went to several shops, bought 15 cards at 100 euros each and gave the supposed company founder the codes. He also sent photos of the cards as he was requested to do. But the CEO was still not satisfied with that and asked the employee to get more gift cards from other providers. That’s when the employee became suspicious and no longer responded to the emails. But unfortunately it was too late: The 1,500 euros paid for the cards were lost. Behind the supposed CEO was – Surprise! – not the real founder and CEO of the start-up, but a scammer.
CEO fraud: 1,500 Euros in Damage by Fraudsters
For the start-up insured via exali, the matter still had a happy ending, because the insurer paid the 1,500 euros minus the agreed deductible. We also advised the company to train the employees (even more) with regard to the dangers of cyber crime and to draw attention to the CEO fraud, because if the employee had been more aware of possible scams, he would have been able to see the signs the email sender was not the real CEO:
- The email contained a strange disclaimer in a different language.
- The supposed CEO’s email address had a domain ending unrelated to the company.
- The alleged CEO put intense pressure on the employee, repeatedly telling him what to do next.
By the way, this case isn’t the only time a company insured by exali fell for the fake president trick, as this real damage event shows: Fake CEO Steals More Than 3.000 Euros
Social Engineering: Exploiting Humanity
The fake president trick is one of the so-called social engineering attacks. Characteristics such as trust, helpfulness, fear and respect for authority are used to manipulate people. With the grandchild trick, for example, scammers call senior citizens and pretend to be distant relatives with the aim of swindling cash or valuables. With advancing digitisation, there are now also a whole range of similar scams such as WhatsApp messages from relatives who have allegedly lost their cell phone and urgently need money and the like.
But it’s not just seniors and small Estonian companies that fall for social engineering, even large corporations aren’t immune to it, as the following examples show.
Twitter Hijacked: 100,000 Euros in Damage
In July 2020, Twitter had their own struggle with social engineering when a whole bunch of users suddenly recommended investing in Bitcoin via a certain link. Among the accounts that spread this message were the verified accounts of Bill Gates, Barack Obama and Elon Musk, who also promised to double every dollar deposited. That sounds almost too good to be true? Of course it was.
However, it was not caused by a security hole in Twitter or a social media management tool; it was caused by social engineering. According to Twitter, an employee had released the access data for an internal tool. The email addresses stored with the accounts were then changed there, allowing the cybercriminals to take over verified accounts. It’s unclear whether the Twitter employee was deceived or bribed. The damage caused by the action was estimated at 120,000 dollars (just over 100,000 euros).
The Leoni Case: 40 Million Euros Gone.
Another prominent example of social engineering is the 2016 case of German automotive supplier Leoni. This is particularly spectacular because it cost the company a total of 40 million euros! The company transferred this amount to foreign accounts - which resulted, among other things, in the company’s shares rapidly crashing. Leoni didn’t explain exactly what had happened; an official statement only said that they had become a “victim of fraudulent activities using forged documents and identities as well as electronic communication channels”.
However, it’s likely that CEO fraud was also used here and the cybercriminals pretended to be board members and/or managing directors in order to deceive the employees. Leoni ultimately received 5 million euros back through fidelity insurance and worked on the case internally. Due to rule violations, there were also consequences for personnel, internal control systems were expanded and checked, and employees were trained in the fake president trick.
In this article we describe how important internal security measures and employee training are and how you can implement them for your business: Cyber Security for SMEs: How to Achieve Effective Safety Standards
CEO Fraud: Cybercriminals Are Getting Better and Better
You may be thinking: that can’t happen to me! But the truth is, the fake president trick can be dangerous for any company, because the scam is becoming more and more popular and criminals are getting more and more creative. It’s not just about clumsy emails these days. The fraudsters now work with software that can imitate voices, for example, or with deceptively genuine emails that even contain internal company information (which is no longer a reliable sign of authenticity, because insider knowledge can often be gathered from the Internet and social media). The attacks also don’t always involve a direct transfer of funds; often data is requested and then used to block accounts and extort a ransom.
Artificial Intelligence Can Imitate Voices
An energy supply company from Great Britain found out how deceptively real a voice simulation can be: Here the supposed CEO of the German parent company called and demanded the transfer of 220,000 euros to a supplier company; the money would then be reimbursed by the parent company. The fake CEO cited the time difference between Germany and Great Britain as the reason for the procedure and pointed out that the payment deadline would otherwise be missed. For the call, the cybercriminals used a program that perfectly imitated the voice of the German CEO, including the accent. The money was transferred as requested. When the fraud was noticed, the 220,000 euros were lost.
The Funk Group has also reported other fake president attacks over several years, which show a steep learning curve for the criminals, right through to real management consultants who were “integrated” into the fraud attempts.
Remote Work as a Risk Factor
Since the beginning of the corona pandemic, more and more companies have been allowing their employees to work from home - something that cybercriminals have also taken advantage of. For example, employees working remotely repeatedly received calls from the IT department in which they were asked to disclose their login data under a pretext. The cybercriminals then used the data to block access and only release it again after a ransom was paid. There are also cases in which the criminals sent emails to customers of a company and gave them supposedly new bank details for the premium payments.
How to Unmask CEO Fraud
First of all, the most important thing is that you keep yourself up to date on the current scams used by cybercriminals and inform your employees about them. These signs suggest a CEO fraud might be at work:
- The email doesn’t contain a signature, or the signature is altered in some way.
- The salutation, the content of the email or the greeting deviate from the usual language used in the company.
- You are addressed by your first name when you are usually addressed by your surname.
- Calls are made from a blocked number.
- Requests to transfer money do not come from the immediate supervisor, but from senior management (possibly even from subsidiaries or other locations of the company).
- Unusually large sums are to be transferred.
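The signs listed above can also be checked automatically before an unusual request reaches a person’s inbox. The following Python script is an added example written for this article (it is not exali’s code): it scores an email against the indicators that apply to text (external sender domain, executive name with a non-matching address, missing signature, first-name salutation, pressure language, large amount in a payment request) and holds anything with two or more hits for out-of-band verification. The company domains, the executive directory entry, the two sample emails and the 1,000-euro threshold are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumptions (constructed for this example, not taken from the article):
COMPANY_DOMAINS = {"example-startup.ee"}
EXECUTIVE_DIRECTORY = {"mart tamm": "mart.tamm@example-startup.ee"}  # display name -> real address
LARGE_AMOUNT_EUR = 1_000          # a single email asking for more than this is unusual
PRESSURE_PHRASES = ("urgent", "immediately", "right now", "asap", "confidential", "do not tell anyone")
PAYMENT_PHRASES = ("gift card", "transfer", "wire", "iban", "payment")
TITLES = {"mr", "ms", "mrs", "dr", "sir", "madam"}

# "1,500 euros", "EUR 4.000", "€300": currency marker on either side of the number
AMOUNT_RE = re.compile(r"(?:€|\beur\b)\s*(\d[\d.,]*)|(\d[\d.,]*)\s*(?:€|\beuros?\b|\beur\b)", re.I)


@dataclass
class Email:
    display_name: str
    address: str
    subject: str
    body: str
    salutation: str      # first line addressing the recipient, e.g. "Dear Ms Kask,"
    has_signature: bool


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def amounts_eur(text: str) -> list[int]:
    """Extract euro amounts; '.' and ',' are treated as thousands separators (no decimals)."""
    found = []
    for m in AMOUNT_RE.finditer(text):
        digits = re.sub(r"[.,]", "", m.group(1) or m.group(2))
        if digits:
            found.append(int(digits))
    return found


def first_name_salutation(salutation: str) -> bool:
    """True for 'Hi Anna,' but not for 'Dear Ms Kask,'."""
    m = re.match(r"^(?:hi|hello|hey|dear)\s+([A-Za-z]+)", salutation.strip(), re.I)
    return bool(m) and m.group(1).lower() not in TITLES


def red_flags(mail: Email, company_uses_surnames: bool = True) -> list[str]:
    """Return one entry per indicator of CEO fraud found in the email."""
    flags = []
    domain = sender_domain(mail.address)
    if domain not in COMPANY_DOMAINS:
        flags.append(f"sender domain {domain!r} is not a company domain")
    directory_addr = EXECUTIVE_DIRECTORY.get(mail.display_name.lower())
    if directory_addr and mail.address.lower() != directory_addr:
        flags.append("display name is an executive but the address does not match the directory")
    if not mail.has_signature:
        flags.append("no signature")
    if company_uses_surnames and first_name_salutation(mail.salutation):
        flags.append("first-name salutation where surnames are customary")
    text = f"{mail.subject}\n{mail.body}".lower()
    pressure = [p for p in PRESSURE_PHRASES if p in text]
    if pressure:
        flags.append("pressure language: " + ", ".join(pressure))
    large = [a for a in amounts_eur(text) if a >= LARGE_AMOUNT_EUR]
    if large and any(p in text for p in PAYMENT_PHRASES):
        flags.append(f"payment request of {max(large)} EUR in a single email")
    return flags


def is_suspicious(mail: Email) -> bool:
    # Two or more independent indicators: hold the request and verify with the real CEO by phone.
    return len(red_flags(mail)) >= 2


# Constructed samples modelled on the gift-card case above.
SCAM = Email(
    display_name="Mart Tamm",
    address="mart.tamm@ceo-private-mail.example",
    subject="Urgent favour",
    body=("Hi Anna,\nI need Google Play gift cards worth 1,500 euros right now and cannot "
          "get them myself. Keep this confidential and send me the codes asap."),
    salutation="Hi Anna,",
    has_signature=False,
)
LEGIT = Email(
    display_name="Mart Tamm",
    address="mart.tamm@example-startup.ee",
    subject="Friday team lunch",
    body="Dear Ms Kask,\nThe team lunch is at 12:30 on Friday.\nBest regards,\nMart Tamm, CEO",
    salutation="Dear Ms Kask,",
    has_signature=True,
)

if __name__ == "__main__":
    for name, mail in (("scam", SCAM), ("legit", LEGIT)):
        print(name, is_suspicious(mail), red_flags(mail))
```

The “disclaimer in a different language” and “blocked caller number” indicators are deliberately left out: the first needs a language detector, the second lives in the phone system rather than the mail. The point of the threshold of two hits is that no single indicator is proof, but a combination is enough to justify picking up the phone and asking the real CEO.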
Protecting Estonian Companies from CEO Fraud
The most important way to protect against social engineering attacks like the fake president trick is definitely employee training. This involves training in detecting fraudulent emails, but also includes other measures that minimise the risk of your company being taken in by scammers:
- Provide clear instructions on how payment orders and transfers are processed. Every employee in the company must know who is allowed to issue payment orders and who is not.
- Introduce a multiple-eyes principle, set it down in writing and ensure that the process can be viewed by all employees at all times
- Make it clear that the requirements must always be met, even with (supposedly) confidential transactions
- Carry out regular training, possibly with test emails (so-called social engineering tests)
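The first three measures above can be written down as a policy that a finance system enforces rather than a rule that an employee has to remember under pressure. The Python script below is an added example for this article (not exali’s code) that models such a policy: only listed people may issue payment orders, instructions that arrive by email or phone are not accepted, every order needs approval from someone other than the issuer, larger amounts need two independent approvers, the payee must be on a vetted list, and a “confidential” label never relaxes any of this. Every decision is written to a log that the whole company can read. The addresses, the placeholder IBAN, the 500-euro threshold and the sample orders are constructed assumptions.

```python
from dataclasses import dataclass

# Assumptions (constructed for this example, not taken from the article):
AUTHORISED_ISSUERS = {"cfo@example-startup.ee", "ceo@example-startup.ee"}
PAYMENT_APPROVERS = {"cfo@example-startup.ee", "controller@example-startup.ee",
                     "finance-lead@example-startup.ee"}
KNOWN_PAYEES = {"EE00PLACEHOLDER0000000001"}   # placeholder IBAN of a vetted supplier
APPROVED_CHANNEL = "erp"            # orders are raised in the finance system, never by email or phone
DUAL_CONTROL_THRESHOLD_EUR = 500    # from this amount on, two independent approvers are required


@dataclass(frozen=True)
class PaymentOrder:
    order_id: str
    issuer: str
    amount_eur: int
    payee_iban: str
    channel: str                 # where the instruction came from: "erp", "email", "phone"
    confidential: bool = False   # "keep this between us" must never relax the checks


def policy_violations(order: PaymentOrder, approvals: list[str]) -> list[str]:
    """Return every rule the order breaks; an empty list means it may be executed.
    order.confidential is deliberately never consulted: the requirements always apply."""
    problems = []
    if order.issuer not in AUTHORISED_ISSUERS:
        problems.append(f"{order.issuer} is not allowed to issue payment orders")
    if order.channel != APPROVED_CHANNEL:
        problems.append(f"instruction came via {order.channel}; "
                        f"orders are only accepted through {APPROVED_CHANNEL}")
    if order.payee_iban not in KNOWN_PAYEES:
        problems.append("payee account is not on the vetted payee list")
    # Multiple-eyes principle: only designated approvers other than the issuer count.
    if order.issuer in approvals:
        problems.append("issuer cannot approve their own order")
    independent = {a for a in approvals if a in PAYMENT_APPROVERS and a != order.issuer}
    required = 2 if order.amount_eur >= DUAL_CONTROL_THRESHOLD_EUR else 1
    if len(independent) < required:
        problems.append(f"{required} independent approval(s) required, {len(independent)} present")
    return problems


# Decision log that every employee can inspect (an in-memory list stands in for a shared record).
AUDIT_LOG: list[dict] = []


def process_order(order: PaymentOrder, approvals: list[str]) -> bool:
    """Record the decision and report whether the order may be executed."""
    problems = policy_violations(order, approvals)
    AUDIT_LOG.append({"order": order.order_id, "issuer": order.issuer,
                      "amount_eur": order.amount_eur, "approvals": sorted(approvals),
                      "executed": not problems, "problems": problems})
    return not problems


# Constructed samples: the emailed gift-card style request versus a properly raised order.
EMAILED_REQUEST = PaymentOrder("PO-1", "ceo@example-startup.ee", 1_500,
                               "EE00UNVETTED00000000000002", "email", confidential=True)
PROPER_ORDER = PaymentOrder("PO-2", "cfo@example-startup.ee", 1_500,
                            "EE00PLACEHOLDER0000000001", "erp")

if __name__ == "__main__":
    print(process_order(EMAILED_REQUEST, ["ceo@example-startup.ee"]), AUDIT_LOG[-1]["problems"])
    print(process_order(PROPER_ORDER, ["controller@example-startup.ee",
                                       "finance-lead@example-startup.ee"]), AUDIT_LOG[-1]["problems"])
```

An order that a fraudster pushes through a single pressured employee fails on four counts at once here (channel, payee, self-approval, missing independent approvals), and the `confidential` flag cannot be used to skip any of them. The log entry is what makes the process “viewable by all employees”: anyone can later see who issued and who approved.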
Not Fake: Professional Indemnity Insurance from exali
Whether it's CEO fraud, malware or any other cyber-crime scams: Your company is protected with Professional Indemnity Insurance from exali. Damage caused by social engineering or damage to trust by your own employees (e.g. reaching into the company coffers) are also insured under all insurance policies.
You can also extend your insurance cover with the First-Party Cyber and Data Risks Insurance (FPC) add-on. Then the insurer also covers the costs of restoring and cleaning up your own IT systems.
Contact our customer advisors for advice on our insurance products and work with them to put together the best possible solution. You can reach our customer service team by phone from Monday to Friday from 9:00 a.m. to 6:00 p.m. on +49 (0) 821 80 99 46-0 or by email using our contact form.
Who am I?
After a traineeship and a few years in corporate communications, I now work at exali as editor-in-chief of the online editorial department and am responsible for all content.
What do I enjoy?
Summer, travel, good food and football.
What do I dislike?
Travel by train, Brussels sprouts and slime.