She thought she was buying $500 in gift cards for her boss — but she was actually the victim of a 'CEO scam'
Fraudsters gain access to supervisor's email account, then target employees who have authority to access money
North Vancouver RCMP are warning of a so-called "CEO scam" after a government employee was duped into buying $500 in gift cards.
Police say a clerical employee of a government agency in North Vancouver received an email from her supervisor in mid-September, asking her to buy $500 in iTunes gift cards.
The supervisor claimed to be in a long meeting and too busy to buy the cards himself. He asked that the employee forward the gift cards to him.
RCMP say the employee believed the email was credible and bought the cards as requested.
But the staffer became suspicious when she received a second email urgently asking her to buy another set of $500 gift cards. She contacted her boss and realized she had been duped.
The agency reported the fraud to police a few days later, on Sept. 15.
'Very difficult to trace'
RCMP say this is what's known as a "CEO scam," in which fraudsters gain access to the email account of a supervisor and target employees who have the authority to access and move money.
Cpl. Richard De Jong said RCMP have encountered these scams before, but it's the first of this scale in North Vancouver. He said RCMP are still investigating the incident.
"Any time iTunes cards are involved, it's very, very difficult to trace that," he said.
De Jong said the scam isn't limited to gift cards, but can also involve direct transfers of money from the company to another account.
RCMP are offering tips to protect yourself and your business against the scam:
- Ensure your computer systems are secure, keep anti-virus software up to date, and encourage all employees to use strong passwords to protect their email accounts from hackers.
- Take a careful look at the sender's e-mail address. It may be very similar to the real one, with only one or two letters being different.
- Double-check with executives when they send wire transfer requests by e-mail, even when they look legitimate. Don't use the contact information provided in the message and don't reply to the e-mail.
- Establish a standard process that requires multiple approvals for money transfers.
- Limit the amount of employee information available online and on social media. Fraudsters use it to find potential victims and time their targeted fraud.