An order from a fake supervisor

Be careful, when you receive an email from the company’s finance director containing a request to make an urgent transfer.

Various corporate fraud schemes are increasingly used not only around the globe but also here in Latvia. An email supposedly received from one's supervisor with a request to make an urgent money transfer is one of the most dangerous types of fraud that can result in large losses to the company.

It is not uncommon that a new, careless or quite contrary, too efficient an employee willing to please his/her boss may fail to assess the risks. Not only the transfer of the specified account may turn out to be dangerous, but also the provision of information about the direct areas of responsibility of one’s peers.

Careful analysis

As a rule, before sending the letter, the authors of bogus emails carry out a thorough analysis, the most detailed nuances are identified out about the alleged “author” as well as the recipient of the letter. Nowadays it is not that difficult – browsing the publicly available information about the persons of interest and the people with whom they are associated professionally or privately (e.g. company registers, official websites and Facebook or LinkedIn social networks) may suffice.

The next step would be making a call to the peers of the relevant people with a view to finding out, allegedly on behalf of business partners or other professionally interested people, the specific areas of responsibility and the representatives thereof, including the names of the employees in charge of the execution of payments.

Similar names and e-mail addresses

Having aggregated the required information, fraudsters would set up a company that has a similar name to that of the business partner or would set up an email address similar to that used by the business partner and different by one or two symbols.

It is not uncommon that fraudsters pick a branch of an international company often located abroad, pretending to be an executive (the managing director or finance director) or a trusted business partner (the lawyer, notary public, auditor, or the accountant).

Rushing and fear

Having completed the preparatory works, an order approving the effecting of a payment of a substantial amount is given to the person in charge. Fraudsters often present themselves as executives to avoid any queries to the “boss” on part of the employees or cite the lack of time or confidentiality as reasons for deviations from the standard procedure. Previously aggregated information as well as the psychological weaknesses of employees are also employed for persuasion purposes.

A pending tax audit, fees for legal services or an ongoing confidential transaction can be cited as the reason for the transfer. A counterfeit money transfer document on the paper with the company’s letterhead and bearing the signatures of the managing directors or a call on behalf of the company's lawyer may be received after the payment request.

Globally and in Latvia

According to the Europol data, this type of fraud emerged between 2007 and 2008. First, mainly French companies were exposed, however later this type of fraud spread to other European countries as well as to the United States. It is currently considered a global threat. According to official calculations, since 2010, in France alone, 15,000 various companies, including Michelin, KPMG and Nestle, have suffered losses of about 465 million euros, becoming victims of this type of fraud.

There have been a number of similar fraud attempts in Latvia, too, e.g., emails had been sent to the tenants of a shopping centre notifying them of the change of the centre’s bank account. Luckily, the administration of the centre was timely alerted of such letters and managed to notify their tenants that the centre's details would remain unchanged and that the email had been received from fraudsters.

How to prevent such fraud?

1. Inform your employees that this type of fraud is being used currently.

2. Establish standard work procedures and require greater care in emergency situations.

3. Use the corporate email for asking detailed questions.

4. Check the authenticity of any unusual request, by calling the person who issued the order.

5. Do not use the information provided during the call or in the e-mail, instead find the data stored in the company's contacts.

6. Be cautious when handling urgent or confidential requests, which contradict the standard work procedure – such requests are usually made at the time when it is difficult to locate the employees who could help challenge them (i.e., at the end of the working day, during lunch time, holidays, during the annual leave of executives, etc.).

Jānis Meistars,
Journalist