Written by Steven Randall, Partner, Vonya Global
Many articles and reports are published on the top risks that organizations face today and the emerging risks of the future. While regulatory risk, IT risk, strategic risk, and environmental risk, among others, seem to be the most common, cyber crime is a risk that can’t be ignored.
Cyber crime is a threat that targets us every day. A single click of a mouse or touch pad could spell disaster. The only way to prevent it is to increase awareness of the risks and make education a pivotal part of management’s communication plan. One recent scheme needs attention and increased awareness.
Fictitious CFO emails, a new scam
It seems like every day someone becomes a victim of a new scam. Scammers use email, online ads, pop-ups, and search results to trick you into sending them money and personal information. We just became aware of a new scam that has already cost corporations tens of thousands of dollars. Here is how it works:
- The real CFO leaves town. The CEO is not reachable. With this intelligence, an email is sent to the person authorized to disburse funds, e.g. the Treasurer or the Controller, from an outside email address disguised to look like the CFO’s. The CEO is typically cc’d. The email instructs the recipient to make an immediate payment. If the recipient replies to the “fictitious CFO/CEO” with questions, a pressure tactic follows: do as instructed, or lose your job.
- The email, of course, is a complete hoax, and the attached invoice includes wiring instructions to a fraudulent bank account. The threatening email from the CFO/CEO is sometimes enough for the employee to take action, and as soon as the transfer is made, the money is gone forever.
Does this seem unrealistic? At the time I typed this, I knew of 2 companies who had fallen victim to this scam and a 3rd that fortunately caught it at the last minute.
If you get an email from senior management requiring you to take drastic and immediate action, you had better make sure the instructions are valid before you act.
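A mail-screening check for the pattern described above, as an added example that is not part of the original post: it flags a message whose From or Cc display name is an executive's while the address is outside the company, and notes pressure or payment wording. The company domain, executive names, keyword list and sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions for illustration only: replace with your own domain and officers.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "CFO", "john smith": "CEO"}
PRESSURE_TERMS = ("immediate", "urgent", "wire", "today", "confidential")

def _impersonated(name, addr):
    """Return the executive's title if the display name is theirs but the address is external."""
    domain = addr.rpartition("@")[2].lower()
    title = EXECUTIVES.get(" ".join(name.lower().split()))
    return title if title and domain != COMPANY_DOMAIN else None

def review_payment_email(raw):
    """Return the reasons this message should be verified by phone before any payment."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    title = _impersonated(name, addr)
    if title:
        reasons.append(f"From uses {title} name with outside address {addr}")
    # The scheme typically cc's the CEO; a cc'd executive name on an
    # outside address is the same disguise applied to a second header.
    for cc_name, cc_addr in getaddresses(msg.get_all("Cc", [])):
        cc_title = _impersonated(cc_name, cc_addr)
        if cc_title:
            reasons.append(f"Cc uses {cc_title} name with outside address {cc_addr}")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    hits = [term for term in PRESSURE_TERMS if term in text]
    if hits:
        reasons.append("pressure/payment wording: " + ", ".join(hits))
    return reasons

# Constructed sample message (not a real email).
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
To: controller@example.com
Cc: John Smith <john.smith@examp1e-mail.test>
Subject: Invoice - immediate payment required

Please wire the attached invoice today. I am travelling and cannot take calls.
"""

if __name__ == "__main__":
    for reason in review_payment_email(SAMPLE):
        print("VERIFY:", reason)
```

A non-empty result is a prompt to confirm the request through a known phone number, not proof of fraud; an empty result does not make a payment request valid.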
This blog post was authored by Steven Randall. Steve is a Managing Partner with Vonya Global, a premier provider of internal audit co-sourcing, outsourcing, and consulting services; a member of the Institute of Internal Auditors (IIA) Chicago Chapter Board of Governors; a Director of the Adler-Caris Foundation, a not-for-profit dedicated to raising funds for Alzheimer’s Disease research; the President of the Oz Park Baseball Association, a not-for-profit organization dedicated to providing fundamental based baseball in a safe environment in the city of Chicago; and an Advisory Board Member of the Chicago Youth Baseball Initiative, a University of Illinois at Chicago community group dedicated to providing Chicago youth with the opportunity to play baseball in a fun and safe environment, while offering educational experiences on a world-class college campus. If you would like more information about Vonya Global or if you have a question for Steve, you may contact him through this blog, the company website, twitter, or his LinkedIn Profile.