Home / News&Stories /

The Fake President Trick: When Scammers Pretend to Be the CEO

CEO Fraud: Cases and Tips

The Fake President Trick: When Scammers Pretend to Be the CEO

Post by Ines RietzlerPost by Ines RietzlerAuthor

Monday, 30 May 2022

Back to the overview

“Hi, it’s me, the CEO. Can you transfer 4,000 euros to me quickly.” That may sound absurd, but it’s actually a popular scam used by cybercriminals: the so-called fake president trick or CEO fraud. The basic idea is similar to the well-known “grandchild trick”, but here the criminals pretend to be superiors in the company Despite a great deal of media attention, companies keep falling for the trick – even Facebook, Twitter and Google have been affected. Just like an exali customer in this recent damage event from Amsterdam...

When the CEO Needs Gift Cards: A Real Exali Damage Event

In this real case, the CEO of a start-up from Amsterdam in the software industry contacted our customer service because one of his employees had fallen for the fake president trick. What happened? One day, an employee at the start-up received an email from his CEO asking him for an unusual favour: He urgently needed Google Play Store gift cards worth 1,500 euros and couldn’t get them himself at the moment.

The employee went to several shops, bought 15 cards at 100 euros each and gave the supposed company founder the codes. He also sent photos of the cards as he was requested to do. But the CEO was still not satisfied with that and asked the employee to get more gift cards from other providers. That’s when the employee became suspicious and no longer responded to the emails. But unfortunately it was too late: The 1,500 euros paid for the cards were lost. Behind the supposed CEO was – Surprise! – not the real founder and CEO of the start-up, but a scammer.

CEO fraud: 1,500 Euros in Damage by Fraudsters

For the start-up insured via exali, the matter still had a happy ending, because the insurer paid the 1,500 euros minus the agreed deductible. We also advised the company to train the employees (even more) with regard to the dangers of cyber crime and to draw attention to the CEO fraud, because if the employee had been more aware of possible scams, he would have been able to see the signs the email sender was not the real CEO:

The email contained a strange disclaimer in a different language
The supposed CEO’s email address contained an ending unrelated to the company
The alleged CEO put intense pressure on the employee, routinely telling him what to do next.

We have also summarised this case for you as a video:

Tip:

By the way, this case isn’t the only time a company insured by exali fell for the fake president trick, as this real damage event shows: Fake CEO Steals More Than 3.000 Euros

Social Engineering: Exploiting Humanity

The fake president trick is one of the so-called social engineering attacks. Characteristics such as trust, helpfulness, fear and respect for authority are used to manipulate people. With the grandchild trick, for example, scammers call senior citizens and pretend to be distant relatives with the aim of swindling cash or valuables. With advancing digitisation, there are now also a whole range of similar scams such as WhatsApp messages from relatives who have allegedly lost their cell phone and urgently need money and the like.

But it’s not just seniors and small Dutch companies that fall for social engineering, even large corporations aren’t immune to it, as the following examples show.

Twitter Hijacked: 100,000 Euros in Damage

In July 2020, Twitter had their own struggle with social engineering when a whole bunch of users suddenly recommended investing in Bitcoin via a certain link. Among the accounts that spread this message were the verified accounts of Bill Gates, Barack Obama and Elon Musk, who also promised to double every dollar deposited. That sounds almost too good to be true? Of course it was.

However, it was not caused by a security hole in Twitter or a social management tool, it was caused by social engineering. According to Twitter, an employee had released the access data for an internal tool. The email addresses stored with the accounts were then changed there, allowing the cybercriminals to pretend to be verified accounts. It’s unclear whether the Twitter employee was deceived or bribed. The damage caused by the action was estimated at 120,000 dollars (just over 100,000 euros).

The Leoni Case: 40 Million Euros Gone.

Another prominent example of social engineering is the 2016 case of German automotive supplier Leoni. This is particularly spectacular because it cost the company a total of 40 million euros! The company transferred this amount to foreign accounts - which resulted, among other things, in the company’s shares rapidly crashing. Leoni didn’t explain exactly what had happened; an official statement only said that they had become a “victim of fraudulent activities using forged documents and identities as well as electronic communication channels”.

However, it’s likely that CEO fraud was also used here and the cybercriminals pretended to be board members and/or managing directors in order to deceive the employees. Leoni ultimately received 5 million euros back through fidelity insurance and worked on the case internally. Due to rule violations, there were also consequences for personnel, internal control systems were expanded and checked, and employees were trained in the fake president trick.

Tip:

In this article we describe how important internal security measures and employee training are and how you can implement them for your business: Cyber Security for SMEs: How to Achieve Effective Safety Standards

CEO Fraud: Cybercriminals Are Getting Better and Better

You may be thinking it can’t happen to me! But the truth is, the fake president trick can be dangerous for any company. Because the scam is becoming more and more popular and criminals are getting more and more creative. It’s not just about clumsy emails these days. In the meantime, the fraudsters work with software that can imitate voices, for example, or deceptively genuine e-mails that even contain internal company information (which is often no longer the case nowadays because insider knowledge can also be requested via the Internet and social media). They also don’t always involve a direct transfer of funds; data is often requested and then used to block accounts and extort ransom.

Artificial Intelligence Can Imitate Voices

An energy supply company from Great Britain found out how deceptively real a voice simulation can be: Here the supposed CEO of the German parent company called and demanded the transfer of 220,000 euros to a supplier company, the money would then be reimbursed by the parent company. The fake CEO cited the time difference between Germany and Great Britain as the reason for the procedure and pointed out that the payment deadline would otherwise be missed. For the call, the cybercriminals used a program that perfectly imitated the voice of the German CEO, including the accent. The money was transferred as requested. When the fraud was noticed, the 220,000 euros were lost.

The Funk Group has also reported other fake president attacks over several years, which show a steep learning curve for the criminals, right through to real management consultants who were “integrated” into the fraud attempts.

Remote Work as a risk factor

Since the beginning of the corona pandemic, more and more companies have been allowing their employees to work from home - something that cybercriminals have also taken advantage of. For example, employees working remotely repeatedly received calls from the IT department in which they were asked to disclose their login data under a pretext. The cybercriminals then used the data to block access and only release it again after a ransom was paid. There are also cases in which the criminals sent emails to customers of a company and gave them supposedly new bank details for the premium payments.

How to Unmask the CEO fraud

First of all, the most important thing is that you keep yourself up to date on the current scams used by cybercriminals and inform your employees about them. These signs suggest a CEO fraud might be at work:

The email doesn’t contain a signature or it is altered in some way.
The salutation, the content of the email or the greeting deviate from the usual language used in the company
You are addressed by your first-name when you are usually addressed by your surname
Calls are made from a blocked number
Requests to transfer money are not from the immediate supervisor, but from senior management (possibly even from subsidiaries or other locations of the company)
Unusually large sums are to be transferred

Protecting Dutch Companies from CEO Fraud

The most important way to protect against social engineering attacks like the fake president trick is definitely employee training. This involves training in detecting fraudulent emails, but also includes other measures that minimise the risk of your company being taken in by scammers:

Provide clear instructions on how payment orders and transfers are processed Every employee in the company must know who is allowed to issue payment orders and who is not
Introduce a multiple-eyes principle, set it down in writing and ensure that the process can be viewed by all employees at all times
Make it clear that the requirements must always be met, even with (supposedly) confidential transactions
Carry out regular training, possibly with test emails (so-called social engineering tests)

Not Fake: Professional Indemnity Insurance from exali:

Whether it's CEO fraud, malware or any other cyber-crime scams: Your company is protected with Professional Indemnity Insurance from exali. Damage caused by social engineering or damage to trust by your own employees (e.g. reaching into the company coffers) are also insured under all insurance policies.

You can also extend your insurance cover with the First-Party Cyber and Data Risks Insurance (FPC) add-on. Then the insurer also covers the costs of restoring and cleaning up your own IT systems.

Contact our customer advisors for advice on our insurance products and work with them to put together the best possible solution. You can reach our customer service team by phone from Monday to Friday from 9:00 a.m. to 6:00 p.m. on +49 (0) 821 80 99 46-0 or by email using our contact form.

Calculate your premium now:

Your annual net turnover (last 12 months)

<span class='visible--desktop'>First-Party Cyber and Data Risks Insurance (FPC)</span> <span class='visible--tablet'>First-Party Cyber and Data Risks Insurance (FPC)</span> <span class='visible--mobile'>FIrst-Party Cyber and Data Risks Insurance (FPC)</span>

<span class='visible--desktop'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p> <p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p> <h5>Further Examples of Damages We Insure</h5> <ul class="liste"> <li>Damage to your own IT systems (from hacking)</li> <li>First-party data rights claim (in particular spying on personal data)</li> <li>Expenses for an (imminent) interruption of business (additional cost coverage)</li> <li>Breach of trust damage (intentional damage to own IT by employees)</li> <li>Costs for criminal defence (internet criminal legal protection)</li> </ul> <h5>Insurer Services</h5> <p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p> <ul class="liste"> <li>Computer forensics specialists</li> <li>Specialised lawyers</li> <li>Consultants to provide information to data owners</li> <li>Professionals for PR & crisis management</li> <li>Credit protection and monitoring services</li> </ul> <p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p> </span> <span class='visible--tablet'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p> <p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p> <h5>Further Examples of Damages We Insure</h5> <ul class="liste"> <li>Damage to your own IT systems (from hacking)</li> <li>First-party data rights claim (in particular spying on personal data)</li> <li>Expenses for an (imminent) interruption of business (additional cost coverage)</li> <li>Breach of trust damage (intentional damage to own IT by employees)</li> <li>Costs for criminal defence (internet criminal legal protection)</li> </ul> <h5>Insurer Services</h5> <p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p> <ul class="liste"> <li>Computer forensics specialists</li> <li>Specialised lawyers</li> <li>Consultants to provide information to data owners</li> <li>Professionals for PR & crisis management</li> <li>Credit protection and monitoring services</li> </ul> <p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p> </span> <span class='visible--mobile'><p>Protection against hacking damage to your own IT systems, DDoS attacks, computer misuse, theft of data carriers and other data rights violations and the majority of the resulting expenses and costs.</p> </span> <div class="spaceTop-20"> <div>If you have any further questions, our customer service is happy to help.</div> <div id="rechnerKontaktForm" class="spaceTop-10"> <div class="col-grid col-grid--flush"> <div class="visible--mobile"> <div id="rkfPhone" class="service-item service-item--phone col col--10 text--center no-margin"> <a href="tel:+498218099460" class="rkfPhone--nr" data-eventpush="eventPush_phone_info"> +49 (0) 821 / 80 99 46 - 0 </a> </div> <div class="col col--2 no-margin no-padding position-relative"> <button type="button" class="close modal-info__close" data-dismiss="modal" aria-hidden="true"></button> </div> </div> <div class="hidden--mobile"> <div class="rechnerKontaktForm--no-mobile"> <div id="rkfCallback" class="service-item service-item--callback col col--tablet--4 no-margin"> <span data-eventpush="eventPush_callback_info"> Request call-back </span> </div> <div id="rkfMail" class="service-item service-item--mail col col--tablet--4 text--center no-margin"> <span data-eventpush="eventPush_mail_info"> Contact us </span> </div> <div id="rkfPhone" class="service-item service-item--phone col col--tablet--4 text--right no-margin"> <a href="tel:+498218099460" data-eventpush="eventPush_phone_info"> +49 (0) 821 / 80 99 46 - 0 </a> </div> </div> </div> </div> </div> <div class="hidden--mobile"> <div class="infoKontaktForm"></div> <div class="text--right cursor-pointer spaceTop-10"> <a data-dismiss="modal" aria-hidden="true">Close</a> </div> </div> </div>

please wait ...

Author profile

Ines Rietzler

Formerly Chief Editor

Who am I?
After a traineeship and a few years in corporate communications, I now work at exali as editor-in-chief of the online editorial department and am responsible for all content.
What do I enjoy?
Summer, travel, good food and football.
What do I dislike?
Travel by train, Brussels sprouts and slime.

Author profile

Ines Rietzler

Formerly Chief Editor

Back

These articles might also interest you

How you Can Protect your Business against Critical Vulnerabilities in Operating Systems or Software

Real Exali Damage Event: Cyber Criminals Turn Consulting Firm into Bitcoin Mine!

5 Tips for Good Password Management in Business

Learning Programming for Freelancers – What’s the Point?

These articles might also interest you

How you Can Protect your Business against Critical Vulnerabilities in Operating Systems or Software

Real Exali Damage Event: Cyber Criminals Turn Consulting Firm into Bitcoin Mine!

5 Tips for Good Password Management in Business

Learning Programming for Freelancers – What’s the Point?

0 Comments

Write a comment

Please fill in all areas marked as * required fields.

Name *

E-mail *

Website

Message *

By clicking the ‘Send’ button, the data entered in the above form will be collected and processed for the purpose of processing your request. All data is transmitted in encrypted form and only processed within the scope of the information in the data protection information. You have a right of objection with effect for the future.

Professional Indemnity

General

More Information

The Fake President Trick: When Scammers Pretend to Be the CEO

When the CEO Needs Gift Cards: A Real Exali Damage Event

CEO fraud: 1,500 Euros in Damage by Fraudsters

Social Engineering: Exploiting Humanity

Twitter Hijacked: 100,000 Euros in Damage

The Leoni Case: 40 Million Euros Gone.

CEO Fraud: Cybercriminals Are Getting Better and Better

Artificial Intelligence Can Imitate Voices

Remote Work as a risk factor

How to Unmask the CEO fraud

Protecting Dutch Companies from CEO Fraud

Not Fake: Professional Indemnity Insurance from exali: