Skip to main content


Make sure you pay the CEO

Payment FraudOver the last month the J2 Software team have noticed an increase in an evolved method in change of bank details or payment fraud. While this might sound like old news, this now more directly involves the CEO.

Traditional payment fraud has been rife for some time where the cyber criminal impersonates the CEO, or other senior members of staff, to convince the finance department to make an urgent payment to either a new supplier or update their bank details. The change of bank detail fraud uses fake banking confirmation letters and the trust of finance people to update an existing supplier’s details. The growing number of successful attacks have proven to be very costly to businesses of all sizes. Owing to this, many businesses have now implemented stronger verification processes to verify supplier bank details changes, which means that the criminals have had to change their approach and tactics.

This trend involves an internal change of bank details, mostly for the CEO. The cyber criminal impersonates the CEO by using an external email address, claiming that it is their private email address, and requests that their bank details for payroll is updated. All of these use similar wording and it is usually done a week before payroll, to stress the urgency. To make sure that they pay their CEO, many of these changes have been successful. The finance or HR team update the details and the cyber criminal is paid, after which they rapidly get the money out before anybody notices.

This sort of thing can be successful owing to the modern workplace, hybrid working models and because very few people even know this risk exists. With organisations bolstering their external banking detail change processes, along with extra vigilance, the cyber criminals have moved to weaker processes. Many businesses I have spoken to do not have a formal process for employees to change their bank details, with some only requiring an email to be sent. This means there is no verification on these change requests, resulting in losses and the blame game starting.

In order to stop this from happening to you, I am able to provide some simple pointers to be incorporated into your processes.

  1. Review and strengthen internal change of bank detail processes. This should include secondary validation of the request in the same way external parties are treated.
  2. Ensure your cyber resilience program includes awareness training for those involved in finance or HR matters as there is as much risk of financial losses and embarrassment from internal risks as there is from external sources.
  3. Make sure you are speaking to the correct person on the other side of the email. Verify changes only from contact details that are already on the system; do not rely on something purely in the email.
  4. Implement impersonation protection at the gateway. Your external secure email gateway should do this for you. Adding in specific additional checks for those VIPs who have greater access must be in place.  

A comprehensive cyber resilience program, provides layered, in depth protections and can remove these risks before your people even see them. Prevention is most definitely more cost effective than remediation. Cyber resilience provides visibility and visibility provides the capability to respond.

Speak to us, the team at J2 Software can help.

  • Created on .
  • Hits: 904