The fake CEO – Kroll reveals the latest tricks used by fraudsters

When a company is hit by fraud, more often than not, it’s an inside job. A typical internal fraudster’s traits may or may not be spotted by the trained eye – previous form, a gambling addiction, financial problems, the list goes on. But the unwitting accomplice is an equally dangerous threat to any business, as illustrated by a trend in some of Kroll’s recent cases.

Kroll has seen several cases of a particularly effective type of fraud, perpetrated by unsuspecting employees who are simply trying to go the extra mile for their boss. These individuals are all trustworthy people, keen to impress their CEOand most importantly, they all work for foreign subsidiaries of international companies. They’ve never been to Head Office; for them it’s just a glossy image on the website. As for the CEO and the CFO, the closest they’ve come to them is reading their profile online, or hearing them speak on a webcast, often in a language that’s not their mother tongue.

In these cases, thedeception begins when the employee receives a call, out of the blue, from somebody senior at head office. To them, the voice at the end of the line belongs to someone very important who,until now, has never given them the time of day. Suddenly, they’re taking them into their confidence, asking for help witha matter so important, so confidential, that it needs to be kept away from HQ, hence why they’rebeing contacted.

It might be an acquisition, a tax issue, a deal, an asset purchase; whatever the reason, it’s urgent and the circle of knowledge must be kept tight. All the unwitting employee needs to do is make a couple of wire transfers, which will be returned within a few days. A lawyer will be in touch with the details, but the transaction is so confidential at this stage, it is best if communications are kept off the company IT network. If the employee could just provide their private email address, the wire instructions will be sent through straight away by a lawyer.

And so it starts.The long serving, diligent employee feels honoured and trusted by the senior manager to assist in executing a business critical transaction. Of course they’re nervous and unsure, but they also have a growing feeling of self-importance. Innocently, and totally out of character, they wirehundreds of thousands of Euros to accounts in foreign countries; Cyprus, China, Hong Kong, Dubai, somewhere far afield and most importantly, outside their jurisdiction. These are significant sums, but not normally enough to raise alarm bells, or fall outside daily banking transfer limits. With barely even a thought, the employeebypasses their own controls, because they are being told to do so and they believe it’s in the interest of the company.

During the course of a few days, maybe a week, the employee is subject to constant pressure; a barrage of calls to their mobile and work numbers from the ‘CEO’, at all hours of the day and night. Can they send confirmation of the transfer? Has it gone through? Are they sure? They’ll receive further instructions shortly for the next payment. Constant thanks and appreciation for all that they’re doing for the company. He’ll make sure he personally thanks them when he’s next in town. And so it continues. The second transfer request is always for much more, and is sent, again to a foreign account.

Eventually, the burden becomes too much, and the employee tells their immediate boss, to seek reassurance. At this point, it quickly becomes clear to the mortified employee that the person on the end of the phone was not the CEO, but instead, a member of an organised, criminal network, who has been specifically targeting them and their peers, as part of the latest fraud.

At the point that Kroll is called in to investigate, the main objectives are to recover the cash and help the company work out who was involved. The victim’s colleagues are incredulous that they could have been so naïve and behaved so out of character.

Recoveries are possible, if a company acts quickly and obtains the right civil orders in time to freeze the funds. But the fraudsters are clever. They know that the involvement of multiple jurisdictions will complicate and slow down the effectiveness of local police. The civil orders often provideinformation as to the beneficiaries of the accounts which, when investigated,will typically link back to known criminal networks, not the employee.

So what can companies do to protect themselves? Controls are only effective if your employees feel empowered to question authority without recourse. But there’s a wider and more concerning point that Kroll has identified.

Before contacting the employee, the fake CEOs- the fraudsters – were able to glean enough information from a few simple Google searches and pretext calls to reception and other staff, to drop in some well thought out comments and reassure the employee that they were genuine.

Knowledge of who their direct reports were, mobile numbers, working hours, even banking relationships and who was on holiday. How? From the company’s website, by connecting endless LinkedIn profiles of employees who diligently set out their responsibilities and from innocent comments made by unwitting PAs and receptionists.

These cases not only highlight the need for rigorousinternal controls and regular training, they also stress the importance of protecting sensitive information about your company and employees. Information that may seem perfectly harmless in isolation, but when pieced together, it can create an all too realistic illusion to tempt even your most loyal and conscientious staff to unwittingly expose your company to fraud.

Zoë Newman is a Managing Director within Kroll Advisory Solution’sGlobal Financial Investigations practice




Related Articles