Business Email Compromise Scams (CEO Fraud)

Online scams are getting very creative with recent hackers impersonating an executive within the organization.

Impersonating the inter-company executive, the hacker asks for financial reports or they ask employees in payroll to make changes to bank accounts. Thinking the hacker is within the company, the employees release the information freely. According to Canadian Police statistics, their efforts have earned an estimated $12 billion through Business Email Compromise scams, also known as CEO fraud. Invoice fraud, escrow redirection, payroll fraud, and simple wire transfer fraud are all tools in the attacker’s arsenal.

Another scam circulating is when a person receives a telephone call from the local Tax Authority (Canada Revenue or IRS) saying back taxes are owed, or from a Police Service saying a fine for missing jury duty is owed. Do not be fooled by the Caller-ID. Caller-ID is very easy to fake. Some scammers will even give the victims a phony badge number, or correctly tell them the last four digits of their social security number or other personal information. Regardless of how plausible and convincing the caller seems do not give out any personal information, just hang up! The Canada Revenue Agency, Internal Revenue Service or any Police Agency that legitimately calls will not demand payment of fines, penalties, or tax bills.

Network Innovations advises that personal or account information should never be provided over a phone call, text message or email regardless of who is asking. If there is a need to share information, it should be done via the regular Postal Services. If there is a formal request for information the person asking for this information must send a letter via regular Post stating the reasons for the request and where the information is going and for what purpose.

As an effort to combat these type of scams, Network Innovations has a generic “Request for Information” document which requestors can fill out. This form complies with North American and European Union GDRP requirements.