Cybercriminals are targeting employees in Pune, India, and conning firms for crores of rupees in a new type of scam. The criminals impersonate company CEOs and send emails to senior officials, instructing them to transfer large sums of money to fraudulent accounts.
September 23, 2023: The scam, known as “CEO fraud” or “whaling phishing,” is a type of social engineering attack. The criminals carefully research their targets and craft emails that are designed to look like they are coming from the CEO. The emails often contain urgent requests for money transfers, and they may use threats or intimidation to pressure the officials into complying.
One recent example of this scam occurred in Pune last year, when the Serum Institute of India, a global vaccine major, was cheated of Rs 1 crore. In this case, the criminals impersonated the CEO of the company and sent an email to a senior official, instructing him to transfer money to a fraudulent account. The official complied with the request, and the criminals were able to steal the money.
The Pune police have warned private companies about this scam and have advised them to be vigilant. They have also urged employees to verify any requests for money transfers with the CEO or another high-ranking official before complying.
Cybercriminals are constantly developing new ways to scam people and businesses. It is important to be aware of the latest scams and to take steps to protect yourself. If you receive an email from your CEO or another high-ranking official requesting a money transfer, be sure to verify the request with the person directly before complying.
The Pune police have also advised employees to be wary of emails that contain suspicious links or attachments. These links and attachments can contain malware that can infect your computer and steal your personal information.
It is also important to note that cybercriminals are not just targeting large companies. They are also targeting small and medium-sized businesses. Businesses of all sizes should take steps to protect themselves from cybercrime.
How the scam works
Cybercriminals start by carefully researching their targets. They may gather information from social media, company websites, and other public sources. Once they have a good understanding of their targets, they create fake email accounts that are designed to look like they are coming from the CEO or another high-ranking official.
The criminals then send emails to their targets with urgent requests for money transfers. The emails may contain a variety of excuses, such as the need to pay a vendor, cover an unexpected expense, or make an investment. The criminals may also use threats or intimidation to pressure the targets into complying.
In some cases, the criminals may even go so far as to create fake websites that look like the company’s website. The websites may contain fake login pages that are designed to steal the targets’ credentials.
Recent examples of the scam in Pune
In addition to the example of the Serum Institute of India, there have been several other recent cases of CEO fraud in Pune.
In July 2022, a software solutions company in Pune was cheated to the tune of Rs 4.7 lakh. The criminals impersonated the CEO of the company and sent an email to the finance manager, instructing him to transfer money to a fraudulent account.
In August 2022, a prominent real estate firm in Pune was cheated to the tune of Rs 66 lakh. The criminals impersonated the Vice President (Accounts) of the company and sent messages to the accounts team, seeking transfer of funds to fraudulent accounts.
How to protect yourself from the scam
There are things you can do to protect yourself from CEO fraud:
Be wary of emails from your CEO or other high-ranking officials, especially if they contain urgent requests for money transfers.
Verify any requests for money transfers with the CEO or another high-ranking official directly before complying. You can do this by calling them on the phone or sending them a separate email.
Do not click on links or open attachments in emails that appear to be from your CEO or other high-ranking officials, unless you are confident that the emails are legitimate.
Use strong passwords for all of your online accounts and change them regularly.
Keep your computer and mobile devices up to date with the latest security patches.
If you think you may have been a victim of CEO fraud, report it to your company’s IT department and to the police.
Additional tips for businesses
Businesses can take several steps to protect themselves from CEO fraud, including:
Educating employees about CEO fraud and how to identify it. This can be done through training programs or email alerts.
Implementing security controls to prevent employees from opening fraudulent emails or clicking on malicious links. This can include using email filters and web content filters.
Conducting regular audits of financial transactions to identify any suspicious activity.
Having a plan in place to respond to cyberattacks. This plan should include steps for containing the attack, investigating the incident, and recovering from the damage.
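The email-filter control in the list above can be sketched as header and content checks for the pattern this article describes: an executive's name on an outside or lookalike address, a diverted Reply-To, and an urgent payment request. This is an added example, not code from the article or the Pune police; the company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only (not from the article).
COMPANY_DOMAIN = "example-corp.test"
EXECUTIVES = {"asha rao"}  # display names worth protecting
PAYMENT = re.compile(r"\b(transfer|wire|payment|remit|beneficiary|account)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|today|confidential|asap)\b", re.I)

# Constructed sample messages.
SPOOFED = """\
From: "Asha Rao" <asha.rao@examp1e-corp.test>
Reply-To: ceo.office@mailbox.test
Subject: Urgent vendor payment

Please transfer Rs 10 lakh to the account below today. Keep this confidential.
"""
LEGIT = """\
From: "Asha Rao" <asha.rao@example-corp.test>
Subject: Quarterly town hall

The town hall is on Friday at 10 am.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ceo_fraud_signals(raw):
    """Return the labels of every CEO-fraud indicator found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text mail only
    text = f"{msg.get('Subject', '')} {body}"
    external = domain != COMPANY_DOMAIN
    checks = [
        ("executive-name-external-sender", external and name.strip().lower() in EXECUTIVES),
        ("lookalike-domain", external and 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2),
        ("reply-to-mismatch", bool(reply) and reply.rpartition("@")[2].lower() != domain),
        ("urgent-payment-request", bool(PAYMENT.search(text) and URGENCY.search(text))),
    ]
    return [label for label, hit in checks if hit]
```

A message that raises any of these signals is a candidate for quarantine or a warning banner, and still needs the out-of-band verification described earlier before any transfer is made.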
By taking these steps, businesses can reduce their risk of falling victim to CEO fraud. CEO fraud is a serious threat to businesses of all sizes. By being aware of the scam and taking steps to protect yourself, you can reduce your risk of becoming a victim.