CEO fraud warning

In CEO fraud, fraudsters impersonate a company's executive by email and try to get account transfers made. The sender’s address may look the same as, for instance, that of the company’s CEO, but it has actually been falsified. The messages are short and try to create the impression that payment must be made without delay. Before requesting money transfers, the messages may also enquire about your bank account balance.

Example of phishing (English version):

“Hi,

Can we pay EUR xxxxx.xx this morning?

XX”

Give instructions to your personnel in advance!

  • Educate your employees and advise them to be very accurate in making payments.
  • Talk through any situations related to CEO fraud and prepare for them. It is also advisable to go through the company’s contractual partners in-house so that the employees know with whom they are doing business. Also agree on who in your company accepts new agreements and orders.
  • If any of your staff members receives a weird email message from your company’s management requesting to transfer money or disclose information, tell them that the information and the legitimacy of the request will be verified by making a phone call. The information must be verified by means other than the contact information shown in the phishing email message.
  • If an employee receives an email message that seems weird, it is advisable to click on reply just to test it. In many cases, the sender shown in the phishing email message has been edited and the recipient’s address also looks correct, but when you try to reply to the message, you will find a gmail or hotmail ending, for example. However, you should never reply to phishing email.
  • Do not agree on anything over the phone if you are not sure with whom you are talking. Ask for more information by email in writing.

What to do if fraud or attempted fraud has occurred:

  • If the fraudster succeeds in getting a money transfer made, immediately call the bank:
      • 010 252 7700 (Mon–Fri 8 am–6 pm) or
      • 0100 05151 (Mon–Fri 8 am–10 pm)
  • Contact your payment services manager even if the fraud remains only an attempt!
  • If fraudsters have registered a domain that violates your company’s trademark, report it to the Finnish Communications Regulatory Authority, cert(at)ficora.fi
  • File a request for investigation with the local police.
  • Forward the phishing email message you have received to tietoturvailmoitukset(a)op.fi
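
The reply-address check described above can also be done from the message headers, without pressing reply. The following is an added example, not part of the original warning; the domain example.com, the names, the sample messages and the short free webmail list are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small illustrative list of free webmail domains; extend to suit.
FREEMAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com"}

# Constructed sample: the From line shows the CEO, replies go elsewhere.
SPOOFED = (
    "From: Jane Doe <ceo@example.com>\n"
    "Reply-To: Jane Doe <ceo.example@gmail.com>\n"
    "To: accounts@example.com\n"
    "Subject: Payment\n"
    "\n"
    "Hi,\n\nCan we pay EUR xxxxx.xx this morning?\n\nXX\n"
)

# Constructed sample: a genuine internal message with no Reply-To header.
GENUINE = (
    "From: Jane Doe <ceo@example.com>\n"
    "To: accounts@example.com\n"
    "Subject: Board meeting\n"
    "\n"
    "Agenda attached.\n"
)


def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def reply_path_findings(raw_message, company_domain):
    """List reasons why a reply to this message would leave the company."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    # Without a Reply-To header, mail clients reply to the From address.
    reply_dom = _domain(msg.get("Reply-To")) or from_dom
    findings = []
    if from_dom == company_domain and reply_dom != company_domain:
        findings.append("internal-looking sender, replies go to " + reply_dom)
    if reply_dom in FREEMAIL_DOMAINS:
        findings.append("replies go to a free webmail address")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, reply_path_findings(raw, "example.com"))
```

An empty result does not make a payment request legitimate; it still has to be verified by phone as described above.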