Employee fooled by fake invoice pays out $236K in CEO scam: OPP
Police say scammers can hack email accounts and pretend to be a company's owner
A Norfolk County business is out $236,000, police say, after someone claiming to be the owner fooled an employee into paying a fake invoice.
Provincial police were contacted about the alleged fraud around 1:36 p.m. on April 23.
They say an employee responsible for paying invoices and transferring funds received an email from the CEO requesting payment on an invoice for a company in the United States.
The invoice was paid in full, but when a second email was sent asking for payment on another invoice, police say the employee became suspicious and contacted the owner.
"It was then discovered that the email address had in fact been compromised without anyone's knowledge," according an OPP press release.
Investigators described the fraud as a "CEO scam" where a criminal poses as a company's president or owner by using a fake or hacked email account sends the person in charge of payments a fake invoice asking for payment.
"It will look just like the owner's regular email, sent directly to someone responsible for issuing payment, making that person believe that they had received a legitimate request to pay an invoice," stated police.
Here are some tips on how to avoid being scammed:
- Teach employees about CEO scams and tell them to be skeptical of urgent or suspicious requests made by email.
- Encourage employees to communicate with their manager if they feel a request seems unusual or suspicious.
- If anyone has doubts about an email that appears to be from someone at your company, immediately contact that person by phone before responding.
- Have policies and procedures in place requiring more than one person to approve any fund transfers or payments.
- Watch what you share online. This information can be used to gain information about you and that can be used to target your company.
Anyone with information about this incident is asked to contact police or Crime Stoppers.