Week 49: Churches, schools, associations and political parties increasingly the victims of CEO scams

10.12.2024 - Over the past week, the NCSC has received numerous reports of attempted CEO fraud phishing scams. Churches, schools, associations and political parties are particularly affected as they often publish a lot of information on their websites that criminals can use to create credible scams. The scammers' aim is to get victims to make payments or buy gift cards online and send them the codes so that the scammers can redeem them.

What are CEO fraud phishing scams?

CEO fraud phishing scams (often referred to simply as ‘CEO scams’ or ‘CEO fraud’) are a type of scam in which criminals pose as senior executives such as managing directors or CEOs. They email employees or line managers with urgent requests to transfer money or buy gift cards.

Recently, churches, schools, associations and political parties have been increasingly targeted. These institutions often have information on their websites about who does what in their organisation, which is useful to the scammers. Their aim is to persuade their victims to buy gift cards and send them the codes so that the scammers can use them, or pressure their victims into making a supposedly urgent money transfer.

The messages are often very persuasive. They claim that the request is urgent or that there will be serious consequences if the victim doesn’t do what is asked. By creating time pressure, the scammer ensures that the victim has little time to think about what is happening. Awareness of the dangers of this type of fraud, internal checks and a healthy dose of suspicion are therefore important in preventing CEO scams.

How does it work?

If you are targeted by a CEO scam, you will receive an email purporting to be from your school principal, church council president, pastor, president of your association, or political party leader – whatever applies in your situation. They'll usually say that they can't talk on the phone right now, but they need you to do an urgent job for them. What was particularly interesting about the reports we received was that the senders often had an Outlook email address that looked like this: firstname.surname.companyname@outlook.com.

If you take the bait and reply to the email, a more specific request will follow. Typically, the scammers ask you to buy gift cards (e.g. from Apple, Steam or Google) for several hundred francs. You are then asked to email them the codes for the gift cards. Your money is gone the moment the scammers redeem the gift cards.
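The sender pattern described above (an officer's name combined with the organisation's name at a free-mail provider) can be checked automatically on incoming mail. The following sketch is an added example, not NCSC code; the organisation domain, officer names, name tokens and sample messages are constructed assumptions.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration: replace with your organisation's own values.
ORG_DOMAIN = "example-parish.ch"            # hypothetical legitimate mail domain
ORG_TOKENS = {"exampleparish", "parish"}    # hypothetical short forms of the org name
OFFICERS = [("Anna", "Muster"), ("Peter", "Beispiel")]  # people listed on the website
FREEMAIL = {"outlook.com"}                  # provider named in the reports; extend as needed


def _norm(text):
    """Lower-case, strip accents and keep only a-z and 0-9."""
    text = unicodedata.normalize("NFKD", text)
    text = text.encode("ascii", "ignore").decode("ascii").lower()
    return re.sub(r"[^a-z0-9]", "", text)


def check_sender(raw_message):
    """Return reasons why the From header looks like officer impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain == ORG_DOMAIN:
        return []  # sent from the organisation's own domain; not covered here
    parts = {_norm(p) for p in re.split(r"[._+-]", local) if p}
    shown = _norm(display)
    reasons = []
    for first, last in OFFICERS:
        first_n, last_n = _norm(first), _norm(last)
        in_local = first_n in parts and last_n in parts
        in_display = first_n in shown and last_n in shown
        if not (in_local or in_display):
            continue
        reasons.append(f"name of {first} {last} used from external domain {domain}")
        if in_local and domain in FREEMAIL and ORG_TOKENS & parts:
            reasons.append("address follows firstname.surname.organisation at a free-mail provider")
    return reasons


# Constructed sample messages (not taken from real reports).
SPOOFED = "From: Anna Muster <anna.muster.exampleparish@outlook.com>\nSubject: Urgent\n\nAre you free?"
INTERNAL = "From: Anna Muster <anna.muster@example-parish.ch>\nSubject: Agenda\n\nSee attached."
DISPLAY_ONLY = "From: Peter Beispiel <pb1984@mailbox.example>\nSubject: Quick task\n\nReply please."

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("internal", INTERNAL), ("display-only", DISPLAY_ONLY)]:
        print(name, check_sender(raw))
```

A hit is a reason to verify the request through a known phone number or in person, not proof of fraud: officers sometimes do write from private addresses.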

Fraudulent e-mail in the name of a president
Fraudulent e-mail in the name of a local councillor

Recommendations

  • Raise awareness of CEO fraud phishing among all employees, board members, etc. This is particularly important for people in key positions such as school principals, association presidents and anyone else who is authorised to make payments for the company, association or organisation;
  • Make employees aware that targeted attacks can be carried out using publicly available information;
  • Limit the amount of information about employees or members of your organisation that you share on your website. Only share what is absolutely necessary;
  • Be careful who you share internal information with and be suspicious of money transfer requests. Do not respond to unusual payment requests and do not allow yourself to be put under time pressure;
  • Your organisation should have clearly defined procedures for money transfers that are strictly followed by all employees (e.g. that money transfers must be approved by at least two people).

Last modification 10.12.2024

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_49.html