2022 / Awareness / Fraud scam

CEO Fraud in Germany: Why the Fraud Scam Can Also Hit Your Company

CEO Fraud in Germany: Why the Fraud Scam Can Also Hit Your Company

CEO fraud is a threat to SMEs and corporations. CEO fraud is a scam that has recently become increasingly widespread. At its core, it involves cleverly manipulating or even impersonating a company’s boss in order to gain access to sensitive areas, files or company assets.

Most recently, it was predominantly deepfakes that played a leading role in the issue of CEO fraud. As attackers have become more brazen and fraudsters more ruthless, CEO fraud has become a serious and realistic security risk for companies. With the help of call ID spoofing, it becomes almost perfect fraud.

Today’s article is about how attackers go about it, what the details of the scams are, how great the danger really is, and how you can effectively prevent CEO fraud in your company.

The Real Danger of CEO Fraud in Germany

First of all, CEO fraud is not something that only happens in evening crime novels. Many years ago, for example, the police in NRW warned that cases had suddenly doubled. The various fraudsters scammed several million euros with the CEO fraud scam and made it increasingly difficult for law enforcement officials.

It is interesting to note that the police also warn that small and medium-sized companies can also become targets. While at first it was only the very large and often internationally active companies, small entrepreneurs are now also targeted. No wonder, really, because there is a lot to be gained here as well, although the risk and security barriers are usually inevitably lower than with the top corporations.

Because small companies often do not have a comprehensive compliance management system and are happy to save a euro or two when it comes to security, they are even the ideal target for a strategy such as CEO fraud. Large sums are diverted in this way with little effort. Because this works over and over again, the numbers in the CEO fraud field are rising, ensuring more and more aggrieved companies and entrepreneurs.

How the trick works by means of CEO fraud in companies

The scam itself is conceivably simple, yet quite sophisticated. By means of social engineering, i.e. the weak point of humans, money is to be diverted here.

Scammers first of all collect a lot of information. About the company itself, their employees and common internal procedures and processes. If the perpetrators know almost everything about the daily business, the real fraud begins. They call the accounting department as the supposed CEO, send appropriately manipulated emails, invoices or even use deepfakes for fake video calls.

CEO fraud generally does not always revolve around the eponymous CEO either. Basically, any decision maker can become a victim of this scam. After all, it’s just a matter of posing as a supervisor who has the appropriate authority and position to transfer funds or transmit data. The principle of the scam is therefore as simple as it is effective.

How to recognize and prevent the fraud

It is extremely difficult to prevent a method like CEO fraud. Fraudsters empathize with the company for a long time, know what makes employees tick, usually play the role of the boss in a very credible and authoritarian way. So preventing them is not necessarily the goal at all, but rather making employees aware of such attacks.

Employees should also be allowed to contradict the boss from time to time. If they feel they are being treated in an authoritarian manner, they will not react promptly even in the case of CEO fraud, or they will deliberately disregard your supposed instruction. However, it is significant that employees are made aware of safety. Emails must always, not only sometimes, be checked carefully. Instructions must be questioned and not carried out thoughtlessly. Especially for financial transactions, your company should also have a double layer of security, a kind of net, to protect against malicious fraudsters.

However, raising employee awareness is the be-all and end-all. If everyone knows that such CEO fraud attacks can occur, even in small and medium-sized companies, awareness will arise. An appropriate compliance management system will also help to avoid such hidden frauds to the greatest extent possible. However, attentive and trained employees are the best thing a company has at its disposal here to prevent CEO fraud.

CEO fraud must be taken seriously

The main reason why scammers get away with schemes like CEO fraud is that no one expects such hypocritical scams. That is exactly where the problem lies. Employees need to know that this kind of thing exists and takes place in real life, i.e. it is not just part of a crime show in the evening program. But so do the CEOs of the companies.

Security always costs money, often requires external staff, training and education, and is often complicated to implement. After all, simply replying to the email is easier than questioning its authenticity and checking who exactly the sender is. Asking the boss to make a referral usually seems more reasonable than asking him to verify.

But this is exactly what is needed to prevent or even thwart fraud. CEO fraud has become a serious issue in Germany and is a recurring occurrence. So don’t let it get that far in your company.

Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.