Saturday, February 4, 2017

Bold New Crime Theme

This was reported this week in Germany by SWR.  It's a business story with an odd twist.

A company (medium-sized) had this finance officer who had just received an email from the boss.  It was a direct and blunt email....we need to send roughly one-million Euro to an account in China....real quick, and with no discussions or comments.

So the transfer was made effective, and a couple of days pass....with the finance officer coming up to ask a question over this to the boss.  What transfer....was the comment of the boss.  He had not sent such an email.

So, it was a fake email....or the Chinese guy stole the email account from the boss and sent the email.  Retrieving the million Euro?  It's impossible at this point.

Authorities in the Pfalz indicate that this is not the first such attempt to do something like this via a company situation, and they kinda expect more of these.

The name given to this type of crime?  CEO fraud.

The problem I see is that on a routine basis....from the boss of a company to a finance officer....there could be forty emails a week.  You could slip into the boss's account....send an email each week for 3,000 Euro to be moved and cover some bill.  Every single month you could watch 12,000 Euro move around like this and most companies wouldn't notice this.  Find 100 of such companies, and you'd be looking at 12 million Euro a month.  The lesser the amount....the less likely anyone would slip and figure this out.  Just a silly amount like 350 Euro per company, per month....would end up as 350,000 Euro a month or over four million a year.

How to hinder or stop this?  You'd have to build a massive firewall around the Finance Officer, or end up with a personal meeting several times a week to authorize payments.

My suspicion is that a lot of people will view this as easy money and try to play out the simple 100 to 200 Euro game every month with fifty companies.  You might be able to keep this up for years with no one in the finance department figuring this out unless some idiot called for a complete audit of the company.
