Companies should prepare for this summer’s fraud attempts

The summer holidays and holiday stand-ins working for companies encourage fraudsters to attempt various frauds targeting companies’ payment transfers even more actively than normal. The most typical frauds involve sending an email message in the name of the company’s management, asking to urgently make a payment. Another common fraud is a request ostensibly sent by an employee to change the salary payment account or phishing attempts targeting various credentials.

We encourage our corporate customers to provide their employees – and especially their summer stand-ins – with orientation regarding the payment approval process and notify their employees of current threats.

Common frauds targeting companies and associations include, for example:

CEO fraud

CEO fraud is a type of attack in which fraudsters impersonate an executive of a company or association to fool the recipient of the email to make a credit transfer. For example, the email may appear to be sent by the company’s CEO, when in reality, the sender's address has been forged or the email account has been hacked. These messages are particularly often targeted at accountants, fund managers and other persons in charge of payment transfers. 

The messages are short in an attempt to create the impression that the payment must be made without delay. Before the credit transfer, the fraudster may enquire about the balance of the bank account, and the request may include a fake invoice. Typical reasons for payment include IT services, the redesign of a website or IT service, office supplies or logistics. 

Salary payment fraud 

The salary payment fraud involves sending a new account number for salary payments via an email message sent in the name of a company employee. The email may appear to be sent by an employee of the company, when in reality, the sender's address has been forged or the email account has been hacked. If you receive a request to change a bank amount via email, always check the sender’s email address and contact the employee directly using another method of communication, such as the phone, to verify the request. You should be particularly careful if an employee whose salary has been previously paid to an account in a Finnish bank submits a new bank account for salary payments other than an FI account. However, salary payments may also be directed to Finnish bank accounts in salary payment frauds.

Office 365 credentials phishing 

A typical Office 365 credentials phishingmessage looks as if it had been sent by someone you know and it often includes a link to another file. When you click the link, you end up on a genuine-looking page where you are asked to log in using your Office 365 credentials. However, the page is not authentic, and if you enter your credentials on the page, they will end up in the possession of the fraudsters. Using credentials acquired by phishing, the fraudsters are able to access your email and, for instance, forge payment information sent by email or create fake invoices, which they will send to the addresses saved in your email account’s contact list. Your account may also be used to send other messages phishing for other users’ Office 365 credentials. 

Fraud checklist:

  • Agree in advance on your company’s payment approval processes for different situations and recap them on a regular basis. Provide summer stand-ins with orientation and make sure that they are aware of potential phishing attempts.
  • Always pay attention to changed account numbers, verify them and agree on the principles according to which account numbers can be changed in systems.
  • If you receive a suspicious message, always verify its authenticity from the sender over the phone or face-to-face.
  • Report each fraud or attempted fraud to the bank to your own Payment Transactions Manager or by calling 0100 05151 (weekdays from 8 a.m. to 4 p.m.)
  • File a request for investigation with the police.
  • Forward the phishing email message you have received to tietoturvailmoitukset(a)op.fi 
  • For further information and practical advice to prevent loss, please go to the National Cyber Security Centre website.