Be On Guard of Executive/Owner Email Scams

Everyone should be aware of scam that is on the increase – executive wire fraud!

Scammers are successfully targeting companies with an email scam that might look like this-

nohre1

The above email looks totally legitimate!

nohre2

When you hit reply notice the reroute email above…it should say Dirk@Nohre.com!

Here are some other common methods these scammers are doing –

  • Spoofed email to employee allegedly from CEO, President, CFO asking for emergency wire transfer
  • Spoofed email from an executive of the company citing a “confidential deal” and asking employee to contact an outside “attorney” for further instruction
  • Spoofed email to employee (often in accounts payable department) allegedly from a vendor asking to change the vendor’s address and payment information
  • Spoofing email, asks the staff person (from the executive) Are you in the office? The staff person says yes. The second email says “I need assistance with a payment to a vendor for a consulting service $15,000. Should I send the bank details?”

They are clever! Always be looking at the actual email address not just the name for a fraudulent email addresses.

For instance we received one that came in as follows – Dirk Nohre edkwheinz@gmail.com

At first glance it looks like Dirk sent the email, but upon further inspection it is clearly aimed at fraud because this is not his email address.

From 2014 to mid-year 2015 over $1billion has been lost per the US Secret Service.

Do not fall victim to these types of scams…always get positive confirmation from the sender.

That is calling the executive and confirming their request, in handwriting if possible. If they are out of town call them directly.

Most banking institutions have infinite amounts of information how to assist you with strong(er) treasury controls for your organizations to protect company assets!

Other versions of these kinds of scams may have malware installed in the system via an employee clicking on a compromised website like that is emailed to them (this is called phishing), which can lock your system and hold your organization hostage.

When in doubt…do not click! Stay vigilant!

Strong IT controls should also be put in place with firewalls and software that is looking for these kinds of fraudulent websites. There are many methods but those who have authority with any monetary transactions in an organization should be on guard all of the time!