
CEO fraud

Criminals are using CEOs' social media posts to trick employees into handing over money

Gardaí today warned of a significant increase this year in cases of invoice redirect fraud and what is known as ‘CEO fraud’.

GARDAÍ HAVE WARNED businesses and members of the public of a significant increase in certain types of fraud and have advised executives in businesses to be careful about what they share on social media. 

So far in 2019, 132 cases of invoice redirect fraud, or what’s known as ‘CEO fraud’, involving losses of €4.4 million have been reported to gardaí. In April alone, in excess of €2.2 million was stolen.

Victims include sports clubs, accountants, farmers, hospitals, schools, stockbrokers, pubs, hotels and motor dealers.

With invoice redirect fraud, a business will receive a phone call or email from someone purporting to be one of their legitimate suppliers. They ask the business to change the bank account details for the supplier.

Then, when the real supplier sends in their next – legitimate – invoice, the payment from the company will go to the fraudsters’ bank account. In some cases the business does not realise it has been targeted until the legitimate supplier sends a reminder invoice for payment.

Speaking to reporters today, Chief Superintendent Pat Lordan of the Garda National Economic Crime Bureau said this is the strategy most commonly used, though in some cases, criminals may try what is known as CEO or CFO fraud. 

This involves the criminals pretending to be a high-ranking executive in a company and asking an employee to make an urgent transfer to a business.

Chief Superintendent Lordan said often the real executive is away from the office, on holiday or a work trip, and has posted something on one of their social media accounts about this.

We’re putting too much information about where we are, what we’re doing up on social media. We get a lot of companies that say ‘oh my God we’ve been hacked, they’re in my system, it’s a computer hack’ and oftentimes it’s not.

The fraudsters are watching their accounts and seize the opportunity, giving the impression to the employee they contact that the executive is not in a position to make the payment themselves because they are away, but it needs to be done quickly.

In one example of an email, the fraudster wrote: ‘Please, I need to process a UK same-day payment urgently. Let me know when you’re available and how soon you can do it.’

“When the CEO comes back from holidays the guy or girl in the office says ‘By the way I looked after that while you were away’ and he goes ‘What?’ and that’s the first they know they’ve sent the money to the wrong account,” explained Lordan.

Phishing malware

Victims of this type of fraud range from very small businesses to large corporations.

We have an example of somebody buying a garden shed for €3,000. They get an email from their supplier and it says ‘when you’re making the payment next week please send it to these bank account details, we’ve moved banks since you bought the shed’ and lo and behold the €3,000 goes to the criminal’s bank account. Then you are faced with still paying the €3,000 to your supplier.

Lordan said these fraud gangs are often using phishing malware on a business’ computer to gather information about suppliers and payments.

Gardaí have managed to recover €1.28 million in stolen funds; however, they said it can be difficult to recover the money once it is out of the jurisdiction. This is why early reporting by businesses and affected individuals is so important, they said.

Superintendent Michael Cryan and Chief Superintendent Pat Lordan.

Superintendent Michael Cryan spoke about a number of examples of recent cases where gardaí have managed to get the money back including a transfer of $1 million by a company based here.

It was swiftly reported to gardaí and with the assistance of the financial intelligence unit in Hong Kong, the money was blocked in an account and recovered.

Prevention is key

However, he and Chief Superintendent Lordan stressed that prevention is key here, as in many of the international cases gardaí will never even be able to find out where the criminals are operating.

They said employees should receive training in relation to avoiding this type of scam. In many cases an employee in the finance section of a company will make the bank details change and a more senior person who pays the invoice is not aware of the change.

They advise businesses and their employees to double-check with suppliers by calling a phone number they already have for the company – rather than one provided in a potentially fraudulent email asking for a change of bank details – to confirm the email is from them.

There are also online tools that can be used to check where the bank connected to the provided IBAN is located.
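The same check can be run locally before any bank-detail change is accepted. The sketch below is an added example, not a Garda or bank tool: it validates the IBAN checksum (ISO 13616 mod-97), reads the country code from the first two characters, and lists reasons to hold the change until the supplier has been called back on a number already on file. The function names are hypothetical and the IBANs are the standard published sample values, not real accounts.

```python
import re

def parse_iban(iban: str):
    """Return (country_code, checksum_ok) for an IBAN-shaped string."""
    s = re.sub(r"\s+", "", iban).upper()
    # Two-letter country, two check digits, then 11-30 alphanumerics.
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        raise ValueError("not IBAN-shaped")
    # Move the first four characters to the end, map A-Z to 10-35,
    # and the resulting integer must leave remainder 1 modulo 97.
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return s[:2], int(digits) % 97 == 1

def review_bank_change(on_file_iban: str, requested_iban: str):
    """List reasons to hold a supplier bank-detail change for call-back."""
    old_country, _ = parse_iban(on_file_iban)
    try:
        new_country, checksum_ok = parse_iban(requested_iban)
    except ValueError:
        return ["requested IBAN is malformed"]
    flags = []
    if not checksum_ok:
        flags.append("requested IBAN fails checksum")
    if new_country != old_country:
        flags.append(f"bank country changed {old_country} -> {new_country}")
    return flags

# Published sample IBANs used as constructed input.
ON_FILE = "IE29 AIBK 9311 5212 3456 78"    # supplier record held by the business
REQUESTED = "GB82 WEST 1234 5698 7654 32"  # details from the "we've moved banks" email

if __name__ == "__main__":
    for reason in review_bank_change(ON_FILE, REQUESTED):
        print("HOLD:", reason)
```

An empty result does not clear the request: a fraudster can open an account in the supplier's own country, so the phone call to the known number is still required.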

“If you realise you’ve been scammed, don’t start looking internally, don’t start investigating internally. Pick up the phone, ring the bank and ring the gardaí and if it’s only a few days there’s some hope that we can get it back, but after that it’s quite difficult to get it back,” Lordan said. 
