Fake President Fraud

What is a fake president fraud?
These frauds have a very simple modus operandi
and, in most cases, that modus operandi is almost
identical. They typically involve an employee,
usually someone in the accounts department with
responsibility for making payments, being contacted
by telephone or email by someone purporting
to be a senior officer of the company, typically the
COO, CFO or Chief Executive. The fraudster typically
tells the employee that an urgent and secret payment
instruction needs to be processed. The
fraudster also usually gives a false payee name and
a cover story to explain why the payment needs to be
made, such as there being a confidential acquisition.
The fraudster will then provide the employee with
details of the payment that needs to be made and
the employee processes a payment directly to the
fraudster’s bank account.
The fraudster then quickly moves the money, often
before it can be stopped or traced.
Who’s behind this?
Frauds of this nature are often perpetrated by highly
organised groups of criminals.
Fraudsters obtain information on an entity that, it
seems, ought to be confidential, and this information
enables them to convince the target employee that
they are genuine.
How do they do it?
Information can be obtained on companies in a
number of different ways. These might include a data
breach or hacking attack; the information may have
been passed on by an insider, perhaps an employee or
cleaner; or it might have been obtained by physical
access to the Insured’s premises.
More usually, though, the fraudsters target a company
with nothing more than knowledge of the business and,
importantly, its personnel, which they have gleaned from
social media, from the company’s own website and from
elsewhere in the public domain. It’s worth mentioning,
though, that in most cases it’s simply not clear how the
fraudsters obtained the information they did.
The fraudsters use the information they have to win the
confidence of the target employee and then convince
them that they need to follow their instructions if they
want to be helpful and ‘do the right thing’.
Fraudsters often target non-native English speakers
at foreign subsidiaries of companies so that the
employees are less likely to spot the warning signs. It
also means that the targeted employee could be more
removed from UK management and less likely to ever
have met or dealt with the senior employee the fraudster
is impersonating.
In some instances, fraudsters also use email addresses
that appear to genuinely originate from the target
company. This can either be a result of making an
external email appear internal in email correspondence,
for instance by masking the email header, or it can
result from fraudsters hacking into an email account.
Fraudsters also capitalise on the fact that when making
a bank transfer, the paying bank does not check or
have access to the recipient’s account name with the
receiving bank; the only relevant details the bank uses
to make a transfer are the account or IBAN number
and the sort code. The payee name is irrelevant.
Fraudsters typically have access to a network of bank
accounts across the world and they usually transfer
funds rapidly between them before withdrawing them
somewhere they cannot be traced. Funds are often
tracked to China or Africa before they disappear.
Fraudsters tend to favour jurisdictions where banking
and anti-money laundering legislation is less
developed.
What are the common factors across different fake president frauds and what should we look out for?
• Confidential and urgent payment purportedly
required;
• Instructions from a senior member of staff;
• The senior officer often says the employee will
be contacted by a lawyer who gives the payment
instructions;
• Emails often accompanied by pressuring phone calls;
• Payee bank details may relate to an account in a
different jurisdiction;
• Errors in email addresses, spelling mistakes, or poor
grammar in communications.
How can we prevent fake president frauds?
There are a number of ways to help prevent these
types of fraud which are discussed further in the
document entitled “How to Spot a Social Engineering
Fraud”. We note here, however, that one of the
most effective ways to prevent this type of fraud is by
making all employees aware of the risk factors and
encouraging employees to be sceptical of any unusual
instructions of this nature they might receive.
ASL are specialist loss adjusters. They have worked closely with AIG and
their clients for many years investigating the full spectrum of crime claims
including stock losses, employee fraud and social engineering frauds.
This thought leadership article is not intended to constitute a definitive, up-to-date, or complete statement of the law, nor is any part of it intended to constitute legal
advice for any specific situation. You should take specific advice when dealing with specific situations and jurisdictions outside England & Wales.
American International Group, Inc. (AIG) is a leading global insurance organization serving customers in more than 100 countries and jurisdictions. AIG is the marketing
name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc.
All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries,
and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Insurance products may be
distributed through affiliated or unaffiliated entities. In Europe, the principal insurance provider is AIG Europe Limited.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig | Twitter: @AIGemea | LinkedIn: http://www.linkedin.com/company/aig
AIG Europe Limited is registered in England: company number 1486260. Registered address: The AIG Building, 58 Fenchurch Street, London EC3M 4AB.
AIG Europe Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority
(FRN number 202628). This information can be checked
GBL00001073 Fake President Fraud Aug16