Have you ever received an unusual request from your manager to transfer money at short notice? It can happen and it may well be quite normal. But cyber criminals can also exploit the hierarchy in an organisation to get their hands on large sums of money.
In the case of CEO fraud, criminals pretend to be a senior manager or CEO. They can do this in various ways but what usually happens is this: a staff member of the finance department receives an e-mail from their manager asking them to transfer a large sum of money to a foreign account. This needs to be done quickly and not according to normal procedures. If the deception works, the money is transferred to the criminals.
Before you receive an e-mail, a huge amount of preparatory work will have been done. The cyber criminals gather information on your organisation, who your manager is, how they communicate and the procedures you use. The details may be checked by a third party such as a law firm (which is also in on the scam), all in an effort to make things as plausible as possible. They make it seem really urgent and tell you that it is confidential, so you're less inclined to check the payment or to consult with your colleagues.
Given the urgency of the situation (the payment must be made quickly) and the distance between the employee and their manager, the employee often ignores the standard procedures and transfers the money... to the criminals. And a loss of this kind won't be insured because the employee has carried out the transaction themselves.
According to the FBI, more than $5 billion has already been lost through this type of fraud and dozens of these crimes have already been reported in the Netherlands (source). So, be wary of CEO fraud and don't fall victim to it.
Will you recognise cyber imposters?