When the CEO Needs Gift Cards: A Real Exali Damage Event
In this real case, the CEO of a start-up from Paris in the software industry contacted our customer service because one of his employees had fallen for the fake president trick. What happened? One day, an employee at the start-up received an email from his CEO asking him for an unusual favour: He urgently needed Google Play Store gift cards worth 1,500 euros and couldn’t get them himself at the moment.
The employee went to several shops, bought 15 cards at 100 euros each and gave the supposed company founder the codes. He also sent photos of the cards as he was requested to do. But the CEO was still not satisfied with that and asked the employee to get more gift cards from other providers. That’s when the employee became suspicious and no longer responded to the emails. But unfortunately it was too late: The 1,500 euros paid for the cards were lost. Behind the supposed CEO was – Surprise! – not the real founder and CEO of the start-up, but a scammer.
CEO fraud: 1,500 Euros in Damage by Fraudsters
For the start-up insured via exali, the matter still had a happy ending, because the insurer paid the 1,500 euros minus the agreed deductible. We also advised the company to train the employees (even more) with regard to the dangers of cyber crime and to draw attention to the CEO fraud, because if the employee had been more aware of possible scams, he would have been able to see the signs the email sender was not the real CEO:
- The email contained a strange disclaimer in a different language
- The supposed CEO’s email address contained an ending unrelated to the company
- The alleged CEO put intense pressure on the employee, routinely telling him what to do next.
We have also summarised this case for you as a video:
Social Engineering: Exploiting Humanity
The fake president trick is one of the so-called social engineering attacks. Characteristics such as trust, helpfulness, fear and respect for authority are used to manipulate people. With the grandchild trick, for example, scammers call senior citizens and pretend to be distant relatives with the aim of swindling cash or valuables. With advancing digitisation, there are now also a whole range of similar scams such as WhatsApp messages from relatives who have allegedly lost their cell phone and urgently need money and the like.
But it’s not just seniors and small French companies that fall for social engineering, even large corporations aren’t immune to it, as the following examples show.
Twitter Hijacked: 100,000 Euros in Damage
In July 2020, Twitter had their own struggle with social engineering when a whole bunch of users suddenly recommended investing in Bitcoin via a certain link. Among the accounts that spread this message were the verified accounts of Bill Gates, Barack Obama and Elon Musk, who also promised to double every dollar deposited. That sounds almost too good to be true? Of course it was.
However, it was not caused by a security hole in Twitter or a social management tool, it was caused by social engineering. According to Twitter, an employee had released the access data for an internal tool. The email addresses stored with the accounts were then changed there, allowing the cybercriminals to pretend to be verified accounts. It’s unclear whether the Twitter employee was deceived or bribed. The damage caused by the action was estimated at 120,000 dollars (just over 100,000 euros).
The Leoni Case: 40 Million Euros Gone.
Another prominent example of social engineering is the 2016 case of German automotive supplier Leoni. This is particularly spectacular because it cost the company a total of 40 million euros! The company transferred this amount to foreign accounts - which resulted, among other things, in the company’s shares rapidly crashing. Leoni didn’t explain exactly what had happened; an official statement only said that they had become a “victim of fraudulent activities using forged documents and identities as well as electronic communication channels”.
However, it’s likely that CEO fraud was also used here and the cybercriminals pretended to be board members and/or managing directors in order to deceive the employees. Leoni ultimately received 5 million euros back through fidelity insurance and worked on the case internally. Due to rule violations, there were also consequences for personnel, internal control systems were expanded and checked, and employees were trained in the fake president trick.
CEO Fraud: Cybercriminals Are Getting Better and Better
You may be thinking it can’t happen to me! But the truth is, the fake president trick can be dangerous for any company. Because the scam is becoming more and more popular and criminals are getting more and more creative. It’s not just about clumsy emails these days. In the meantime, the fraudsters work with software that can imitate voices, for example, or deceptively genuine e-mails that even contain internal company information (which is often no longer the case nowadays because insider knowledge can also be requested via the Internet and social media). They also don’t always involve a direct transfer of funds; data is often requested and then used to block accounts and extort ransom.
Artificial Intelligence Can Imitate Voices
An energy supply company from Great Britain found out how deceptively real a voice simulation can be: Here the supposed CEO of the German parent company called and demanded the transfer of 220,000 euros to a supplier company, the money would then be reimbursed by the parent company. The fake CEO cited the time difference between Germany and Great Britain as the reason for the procedure and pointed out that the payment deadline would otherwise be missed. For the call, the cybercriminals used a program that perfectly imitated the voice of the German CEO, including the accent. The money was transferred as requested. When the fraud was noticed, the 220,000 euros were lost.
The Funk Group has also reported other fake president attacks over several years, which show a steep learning curve for the criminals, right through to real management consultants who were “integrated” into the fraud attempts.
Remote Work as a risk factor
Since the beginning of the corona pandemic, more and more companies have been allowing their employees to work from home - something that cybercriminals have also taken advantage of. For example, employees working remotely repeatedly received calls from the IT department in which they were asked to disclose their login data under a pretext. The cybercriminals then used the data to block access and only release it again after a ransom was paid. There are also cases in which the criminals sent emails to customers of a company and gave them supposedly new bank details for the premium payments.
How to Unmask the CEO fraud
First of all, the most important thing is that you keep yourself up to date on the current scams used by cybercriminals and inform your employees about them. These signs suggest a CEO fraud might be at work:
- The email doesn’t contain a signature or it is altered in some way.
- The salutation, the content of the email or the greeting deviate from the usual language used in the company
- You are addressed by your first-name when you are usually addressed by your surname
- Calls are made from a blocked number
- Requests to transfer money are not from the immediate supervisor, but from senior management (possibly even from subsidiaries or other locations of the company)
- Unusually large sums are to be transferred
Protecting French Companies from CEO Fraud
The most important way to protect against social engineering attacks like the fake president trick is definitely employee training. This involves training in detecting fraudulent emails, but also includes other measures that minimise the risk of your company being taken in by scammers:
- Provide clear instructions on how payment orders and transfers are processed Every employee in the company must know who is allowed to issue payment orders and who is not
- Introduce a multiple-eyes principle, set it down in writing and ensure that the process can be viewed by all employees at all times
- Make it clear that the requirements must always be met, even with (supposedly) confidential transactions
- Carry out regular training, possibly with test emails (so-called social engineering tests)
Not Fake: Professional Indemnity Insurance from exali:
Whether it's CEO fraud, malware or any other cyber-crime scams: Your company is protected with Professional Indemnity Insurance from exali. Damage caused by social engineering or damage to trust by your own employees (e.g. reaching into the company coffers) are also insured under all insurance policies.
You can also extend your insurance cover with the First-Party Cyber and Data Risks Insurance (FPC) add-on. Then the insurer also covers the costs of restoring and cleaning up your own IT systems.
Contact our customer advisors for advice on our insurance products and work with them to put together the best possible solution. You can reach our customer service team by phone from Monday to Friday from 9:00 a.m. to 6:00 p.m. on +49 (0) 821 80 99 46-0 or by email using our contact form.
Calculate your premium now:
<span class='visible--desktop'>First-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--tablet'>First-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--mobile'>FIrst-Party Cyber and Data Risks Insurance (FPC)</span>
<span class='visible--desktop'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p>
<p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p>
<h5>Further Examples of Damages We Insure</h5>
<ul class="liste">
<li>Damage to your own IT systems (from hacking)</li>
<li>First-party data rights claim (in particular spying on personal data)</li>
<li>Expenses for an (imminent) interruption of business (additional cost coverage)</li>
<li>Breach of trust damage (intentional damage to own IT by employees)</li>
<li>Costs for criminal defence (internet criminal legal protection)</li>
</ul>
<h5>Insurer Services</h5>
<p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p>
<ul class="liste">
<li>Computer forensics specialists</li>
<li>Specialised lawyers</li>
<li>Consultants to provide information to data owners</li>
<li>Professionals for PR & crisis management</li>
<li>Credit protection and monitoring services</li>
</ul>
<p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p>
</span>
<span class='visible--tablet'><p><strong>This add-on protects your business from the risk of hacking, DDoS attacks or other internet crime.</strong></p>
<p>Reimbursed/covered:<strong> </strong>for example costs for the <strong>restoration of your IT systems</strong>, the commissioning of professional <strong>computer forensics analysts</strong> or specialised <strong>lawyers</strong> (including criminal defence) as well as for <strong>crisis management & PR</strong>. Additional costs for the quick elimination or avoidance of an interruption to your business are also insured.</p>
<h5>Further Examples of Damages We Insure</h5>
<ul class="liste">
<li>Damage to your own IT systems (from hacking)</li>
<li>First-party data rights claim (in particular spying on personal data)</li>
<li>Expenses for an (imminent) interruption of business (additional cost coverage)</li>
<li>Breach of trust damage (intentional damage to own IT by employees)</li>
<li>Costs for criminal defence (internet criminal legal protection)</li>
</ul>
<h5>Insurer Services</h5>
<p>The special benefit about this add-on is the assumption of your own <strong>costs</strong>, e.g. for the commissioning of:</p>
<ul class="liste">
<li>Computer forensics specialists</li>
<li>Specialised lawyers</li>
<li>Consultants to provide information to data owners</li>
<li>Professionals for PR & crisis management</li>
<li>Credit protection and monitoring services</li>
</ul>
<p>as well as the assumption of <strong>additional costs, e.g. for the use of third-party IT and computer systems.</strong></p>
</span>
<span class='visible--mobile'><p>Protection against hacking damage to your own IT systems, DDoS attacks, computer misuse, theft of data carriers and other data rights violations and the majority of the resulting expenses and costs.</p>
</span>
<div class="spaceTop-20">
<div>If you have any further questions, our customer service is happy to help.</div>
<div id="rechnerKontaktForm" class="spaceTop-10">
<div class="col-grid col-grid--flush">
<div class="visible--mobile">
<div id="rkfPhone" class="service-item service-item--phone col col--10 text--center no-margin">
<a href="tel:+498218099460" class="rkfPhone--nr" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
<div class="col col--2 no-margin no-padding position-relative">
<button type="button" class="close modal-info__close" data-dismiss="modal" aria-hidden="true"></button>
</div>
</div>
<div class="hidden--mobile">
<div class="rechnerKontaktForm--no-mobile">
<div id="rkfCallback" class="service-item service-item--callback col col--tablet--4 no-margin">
<span data-eventpush="eventPush_callback_info">
Request call-back </span>
</div>
<div id="rkfMail" class="service-item service-item--mail col col--tablet--4 text--center no-margin">
<span data-eventpush="eventPush_mail_info">
Contact us </span>
</div>
<div id="rkfPhone" class="service-item service-item--phone col col--tablet--4 text--right no-margin">
<a href="tel:+498218099460" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
</div>
</div>
</div>
</div>
<div class="hidden--mobile">
<div class="infoKontaktForm"></div>
<div class="text--right cursor-pointer spaceTop-10">
<a data-dismiss="modal" aria-hidden="true">Close</a>
</div>
</div>
</div>
<span class='visible--desktop'>Engineering Activities (ENG)</span>
<span class='visible--tablet'>Engineering Activities (ENG)</span>
<span class='visible--mobile'>Engineering Activities (ENG)</span>
<span class='visible--desktop'><p><strong>If you provide engineering services exclusively or in addition to IT/telecommunications, you can insure the liability risks with the „Engineering Activities“ endorsement.</strong></p>
<p>The Engineering Activities extension provides <strong>blanket coverage</strong>. This means that all engineering activities are covered without the need for listing each and every activity. Those listed in the engineering endorsement are therefore merely illustrative examples:</p>
<ul class="liste">
<li>Hardware and software development for machinery and plant, embedded software</li>
<li>Machinery and plant testing, commissioning support</li>
<li>Quality management and assurance</li>
<li>Technical drawing, CAD, CAM</li>
<li>Technical management consultancy, in particular purchasing, strategy, process design, activities as expert</li>
</ul>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts and/or <strong>planning</strong>.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong> and are not responsible fort he final engineering product.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly / <strong>without approval and acceptance</strong> by the principal (keyword: final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>The deductible for financial loss and property damage is the same as the deductible selected for the financial loss insurance (FLI).</p>
<p>For more information, please refer to <strong>Section A.7 "Engineering Activities (ENG)"</strong> of the Insurance Conditions.</p>
</span>
<span class='visible--tablet'><p><strong>If you provide engineering services exclusively or in addition to IT/telecommunications, you can insure the liability risks with the „Engineering Activities“ endorsement.</strong></p>
<p>The Engineering Activities extension provides <strong>blanket coverage</strong>. This means that all engineering activities are covered without the need for listing each and every activity. Those listed in the engineering endorsement are therefore merely illustrative examples:</p>
<ul class="liste">
<li>Hardware and software development for machinery and plant, embedded software</li>
<li>Machinery and plant testing, commissioning support</li>
<li>Quality management and assurance</li>
<li>Technical drawing, CAD, CAM</li>
<li>Technical management consultancy, in particular purchasing, strategy, process design, activities as expert</li>
</ul>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts and/or <strong>planning</strong>.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong> and are not responsible fort he final engineering product.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly / <strong>without approval and acceptance</strong> by the principal (keyword: final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>The deductible for financial loss and property damage is the same as the deductible selected for the financial loss insurance (FLI).</p>
<p>For more information, please refer to <strong>Section A.7 "Engineering Activities (ENG)"</strong> of the Insurance Conditions.</p>
</span>
<span class='visible--mobile'><p>The Engineering Activities extension provides <strong>blanket coverage</strong>.</p>
<h5>Requirements for Engineering Insurance</h5>
<ul class="liste">
<li>You <strong>do not provide engineering services</strong>, plants, machinery or associated parts.</li>
<li>You provide engineering products <strong>in a supporting and/or advisory capacity</strong>.</li>
<li>No machines, systems, engineering products or other parts shall be put into series production directly/<strong>without the client's approval</strong> (final sign-off).</li>
</ul>
<h5>Deductible</h5>
<p>Same as the deductible selected for the financial loss insurance (FLI).</p>
</span>
<div class="spaceTop-20">
<div>If you have any further questions, our customer service is happy to help.</div>
<div id="rechnerKontaktForm" class="spaceTop-10">
<div class="col-grid col-grid--flush">
<div class="visible--mobile">
<div id="rkfPhone" class="service-item service-item--phone col col--10 text--center no-margin">
<a href="tel:+498218099460" class="rkfPhone--nr" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
<div class="col col--2 no-margin no-padding position-relative">
<button type="button" class="close modal-info__close" data-dismiss="modal" aria-hidden="true"></button>
</div>
</div>
<div class="hidden--mobile">
<div class="rechnerKontaktForm--no-mobile">
<div id="rkfCallback" class="service-item service-item--callback col col--tablet--4 no-margin">
<span data-eventpush="eventPush_callback_info">
Request call-back </span>
</div>
<div id="rkfMail" class="service-item service-item--mail col col--tablet--4 text--center no-margin">
<span data-eventpush="eventPush_mail_info">
Contact us </span>
</div>
<div id="rkfPhone" class="service-item service-item--phone col col--tablet--4 text--right no-margin">
<a href="tel:+498218099460" data-eventpush="eventPush_phone_info">
+49 (0) 821 / 80 99 46 - 0 </a>
</div>
</div>
</div>
</div>
</div>
<div class="hidden--mobile">
<div class="infoKontaktForm"></div>
<div class="text--right cursor-pointer spaceTop-10">
<a data-dismiss="modal" aria-hidden="true">Close</a>
</div>
</div>
</div>
Yes, switch to {{targetDomain}}
You indicated that your headquarter is in {{targetCountry}}. So we will redirect you to the corresponding version of exali, {{targetDomain}}. Settings that have been made may not be transferred. The premium and scope of the insurance policies offered may vary slightly depending on the country.
Would you like to switch to {{targetDomain}}?
No, stay on {{currentDomain}}
You indicated that your headquarter is in {{targetCountry}}. So we will redirect you to the corresponding version of exali, {{targetDomain}}. Settings that have been made may not be transferred. The premium and scope of the insurance policies offered may vary slightly depending on the country.
Would you like to switch to {{targetDomain}}?
Yes, switch to {{targetDomain}}
No, stay on {{currentDomain}}
