Social engineering or ‘CEO fraud’
Social engineering, which is also referred to as ‘CEO fraud’, often consists of a phone call at work: ‘This is your CEO speaking. I am placing my trust in you to carry out an urgent bank transfer. Please keep this confidential.’
The aim of social engineering is to steal the identity of the ordering party via any channel (e-mail, telephone, etc.). The objective is the misappropriation of information or funds.
The fraudster puts the person under pressure to carry out the transaction quickly by insisting that it is extremely urgent or confidential.
By pretending to be a senior representative of the company, the fraudster places the employee in a situation of hierarchical subordination. This provides the fraudster with a powerful tool to manipulate his victim. He abuses the authority which the victim attributes to him: ‘This is an order. I instruct you to maintain the utmost discretion,’ while, at the same time, praising the employee: ‘I have faith in you; you are the only one capable of carrying out this transaction.’
A variation of the fraud consists of convincing the victim to change the beneficiary account on a legitimate invoice.
Do the right thing:
- Limit the distribution of information (social networks, websites, signatures, etc.)
- Implement secure internal procedures (e.g. double checks, limited access to sensitive information)
- Raise awareness among your employees, particularly those in the accounting and financial departments
- Exercise caution in the event of urgent or confidential procedures which do not respect internal regulations
- Be wary of any unusual bank transfer which you have to sign or countersign