Cyber Deception - A New Threat to Small/Medium Size Companies

Emerging Threat

We have recently seen a wave of claims from clients involving fraudulent fund transfer requests from senior executives. The typical scenario goes something like this:

  • The company’s server is hacked with the intruder gaining access to the calendar, contacts, and email of a senior executive (usually the CEO or President).
  • The intruder then creates a fake email account almost identical to the executive’s actual address.
  • At a time when the executive is out of town, an email is sent from the fake account to the CFO or Controller with instructions to wire funds – typically $35,000 or more – to a bank account.
  • The financial person typically complies since the instruction appears to be coming from the CEO or President. A few days later when the executive returns to the office, the CFO or Controller follows up for documentation on the transfer and the scam is discovered. Unfortunately, by then, the money is long gone.

Small to medium size companies are the most likely targets as they tend to have less formal and rigorous controls. All companies should review their internal financial control processes to prevent such frauds as well as their insurance coverage to ensure there is some protection in place in the event a fraud is not discovered until it is too late.

If you would like more information, please contact your Equity Risk Partners representative, or email info@equityrisk.com.