
Fraud Protection
Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.
CEO fraud, also known as Business Email Compromise (BEC), is a type of fraud that is enabled via social engineering. Social engineering is the manipulation of situations and people that results in the targeted individuals divulging confidential information. Fraudsters pretend to be a senior manager – often the CEO – in order to persuade a staff member to make a payment.
CEO fraud is a request, often made via email, purporting to come from a senior person in the company, normally to the accounts department, requesting an urgent payment to a supplier or partner.
The fraud attempt sometimes occurs when the senior person is out of the office, and the request may outline that the transaction is confidential and sensitive in order to discourage further verification.
For instance, the fraudster may try to convince the victim that their company is about to acquire another business, and the payment is needed as a down-payment for the confidential deal.
Derek has become an office legend simply by spotting scams and, in turn, saving his company big money. Want to know how he does it?
A client received an email purporting to be from the Financial Director instructing that 50% of an invoice be paid to an account. The payment of £75k required approval and was held for security checks by Barclays’ fraud prevention team.
When contacted by Barclays, the client confirmed the payment was genuine and it was released.
The client then received a second email which appeared to be genuinely from the Financial Director requesting the remaining 50% be paid to a different bank account. This payment was not held for any security checks.
The fraud was discovered when the genuine beneficiary reported that they had not received their payment. The client informed them of the bank accounts they had paid, and the supplier advised that the accounts did not belong to them.
It was not the client’s policy to verbally confirm payment instructions of this type as it appeared to be an internal email. The client believes that the email account belonging to the Financial Director had been compromised and reported it to their IT department for further investigation.
The fraudsters had moved the money before the alarm was raised, leaving only a small amount available for recovery.
If you believe you’ve fallen victim to a CEO fraud attack, contact us immediately. Our team will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds.
Report it to ActionFraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at www.actionfraud.police.uk^.
If you receive a suspicious email that appears to be from Barclays, please forward it to internetsecurity@barclays.co.uk and then delete it from your email account immediately.
If you have any queries, please speak to your Relationship Director.
If you fall victim to fraud on your Barclays payment channels, call the Online Fraud Helpdesk immediately on: 0330 156 0155*
Fraudulent attacks, even if unsuccessful, should be reported to Action Fraud by calling 0300 123 2040.
Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.
What is invoice fraud? This involves criminals impersonating your suppliers and sending fake invoices, or intercepting and changing genuine ones.
Latest insights