How many emails do you receive a day? For most people, it is a lot. Building upon this, how often do these emails contain a request that is urgent and time-sensitive? Again, for most people, this will be very common. Business is naturally time crucial, wanting to settle matters as quickly as possible is second nature, it is expected.
Importantly, although urgency can aid a business’ ability to thrive, it can also be a major flaw. It can lead to oversight of the suspicious activity.
In the world of business, and no doubt many individuals’ personal lives too, this type of oversight has often led to funds mistakenly being transferred into fraudulent accounts.
In cases where fraudsters act as ‘bogus bosses’ sending out emails requesting funds, staff blindly following orders can lead to serious losses. Many employees will have their guard down when they receive an urgent email from a boss.
According to an article from the INFOSEC, this type of “CEO fraud” is costing businesses across the globe millions (if not billions) a year. Several other articles have also reported the impact of bogus boss fraud emails, including BBC, The Geek Guys and RBS.
For example, the accounts department receives an email from a board member requesting payment of funds, perhaps to settle a court case or to enable an important deal. This in itself is not out of place, and it would not be uncommon for such emails to inspire urgency.
However, although the email seems genuine, that may not be the case. A criminal after doing some reconnaissance into the company’s high-level staff and those who are in control of payments may successfully spoof a request to defer funds into their own fraudulent accounts. This reconnaissance leads to greater ‘success’ for the fraudster but, more worryingly, a greater impact on the business’s financial health.
Using the guise of a ‘bogus boss’ uniquely increases the likelihood for many honest and hard-working employees to redirect payments to a fraudster. A way to mitigate the risk here is to ensure that your staff are provided with regular and quality training, fraudsters are constantly improving their craft and it will take diligence to stay ahead of them. It is also worth creating strict policies and procedures for when payment details are sent and received, a simple technique could be to require that any account details and any changes to them are verified through two forms of media, i.e. via email and a telephone call. Please use the contact form to reach out to us if you would like more information on training or policies and procedures to best protect your business.
Furthermore, with a sudden and drastic increase in the number of individuals now working from home due to the impact of Covid, Nicholls Law cannot help but wonder what impact these types of ‘bogus boss’ emails will have on businesses going forward? Staff newly working from home, eager to show they are working hard, might be fooled more easily than they would have been while working in an office environment.
Moreover, this interesting article by Financial Times reiterates those fears, as they reported a sharp rise in attempted scams in the weeks at the start of the first lockdown.
If your business or you personally have been affected by ‘bogus boss fraud emails’ or other types of fraud, please contact us for a FREE initial consultation.