Norfolk County business scammed out of almost $250,000

A business in Norfolk County has been scammed out of nearly $250,000 after falling victim to the so-called 'CEO scam'.

Provincial police say a company fell victim to so-called 'CEO scam'

Provincial police are investigating after a company in Norfolk County lost $236,000 to hackers through the so-called 'CEO scam'. (CBC)

A business in Norfolk County has been scammed out of almost a quarter of a million dollars.

Provincial police say an employee who is responsible for paying invoices and transferring funds, received an email from what appeared to be the owner of the company on April 16, 2019, requesting payment of an outstanding invoice.

Investigators say the employee transferred $236,000 to a company in the United States, however, when a second e-mail came in, requesting a second payment, the staff member became suspicious and contacted the owner.

It turns out, the company had been hacked.

How it happens

"The 'CEO scam' starts when a criminal poses as the company's president or owner using a fake or hacked email account," said OPP Constable Ed Sanchuk. "In this case, it was determined that this business' account was actually hacked."

Police are not releasing the name of the company involved. Sanchuk says this is the first time he's heard of the 'CEO scam' involving such a large amount of funds in southwestern Ontario.

Police are using the opportunity to remind businesses that there are a number of safety measures they can put in place.

"We need people to make sure they're paying attention. When something doesn't seem right, make sure you go with your intuition, make sure you make some further phone calls before sending any money to anybody," said Sanchuk.

How to avoid being scammed

  • Educate employees about the 'CEO scam' and urge them to be skeptical of urgent or suspicious requests made by email.
  • Always encourage employees to communicate with their manager if they feel a request seems unusual or suspicious.
  • If anyone has any doubts about an email that appears to be from someone at your company, immediately contact that person by phone before responding.
  • Have policies and procedures in place requiring more than one person to approve any fund transfers.
  • Watch what you share on-line. This information can be used to gain information about you and that can be used to target your company.