In recent months, the National Fraud Intelligence Bureau (NFIB) has seen an increase in the volume of Chief Executive Officer (CEO) fraud reports in which medical practices are the targeted victims.
How the fraud works
A medical practice is targeted by a fraudster who purports to be a senior partner (or CEO equivalent). The fraudster contacts a member of staff with responsibility for authorising financial transfers, requesting payments to be made into bank accounts under the pretence of a highly sensitive or urgent transaction.
Initial contact appears to primarily be made via email from an address similar to the one the senior partner would use, although the suspect may telephone to complete the fraud if required. In addition, the fraudster may also introduce a second fraudster, who poses as a lawyer or regulator.
The fraud has a strong social engineering element: the fraudster often asks the authorising member of staff not to contact them further because they are busy. Alternatively, the fraudster may pick occasions when the genuine senior partner is on holiday, preventing the authoriser from checking the validity of the request.
This type of fraud has resulted in substantial financial losses for several practices that have fallen victim to it.
How to protect against CEO fraud
- Review internal procedures regarding how transactions are requested and approved, especially those in relation to verifying validity.
- Check email addresses and telephone numbers when transactions are requested. If in doubt, request clarification using an email address or phone number obtained from a separate source.
- Don’t be afraid to question details when being tasked to transfer money at short notice.
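The address check above can be partly automated. The following is an added example, not part of the NFIB notice: it flags payment requests whose sender address is close to, but not the same as, a senior partner's real address, and notes the pressure cues described earlier. The partner address, the cue phrases and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed values (assumptions): the addresses senior partners really use,
# and phrases that mark a payment request or the pressure tactics described.
KNOWN_PARTNERS = {"j.smith@riverside-surgery.example"}
PAYMENT = ("transfer", "payment", "bank account", "invoice")
PRESSURE = ("urgent", "sensitive", "confidential", "do not contact",
            "don't call", "i am busy", "in a meeting")
MAX_DISTANCE = 3  # assumed threshold for "similar to the real address"


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def assess(from_header, body):
    """Return reasons a payment request needs checking via a separate channel.

    An empty list means either the message is not a payment request or
    nothing was flagged; it is not proof that the request is genuine.
    """
    text = body.lower()
    if not any(word in text for word in PAYMENT):
        return []
    addr = parseaddr(from_header)[1].lower()
    reasons = []
    if addr not in KNOWN_PARTNERS:
        near = sorted(k for k in KNOWN_PARTNERS
                      if edit_distance(addr, k) <= MAX_DISTANCE)
        reasons.append(f"sender resembles {near[0]}" if near
                       else "sender not a known partner address")
    if any(cue in text for cue in PRESSURE):
        reasons.append("urgency or do-not-contact pressure")
    return reasons


if __name__ == "__main__":
    # Constructed sample: note "surgrey" in place of "surgery".
    print(assess("Dr J Smith <j.smith@riverside-surgrey.example>",
                 "Please make an urgent transfer today. I am busy, do not contact me."))
```

A flagged message should still be confirmed with the senior partner using contact details obtained from a separate source, as the guidance above says.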
Report fraud and cyber crime to Action Fraud and receive a police crime reference number.