At BiggsKofford, we have become aware of a new scam that is being perpetrated against small and mid-size companies. Here’s how it works…
The company owner/CEO’s email address is cloned and an email is sent to his/her CFO/Controller. The CFO is instructed to wire funds for what appears to be a legitimate business transaction.
For many small to mid-size companies, this type of email exchange between CEO and CFO is actually quite common. So the CFO executes the wire, believing it is a legitimate request from the CEO.
Before you say “This couldn’t happen to me”… ask yourself: how much trust exists between you and your CFO? Of course, we all want a trusted relationship with our CFO. But this trust is actually being used against business owners in this scam.
Here are some ideas to prevent this:
- Ask your business banker to help you implement and enforce controls requiring separate approval, directly by the CEO, for all wire transactions.
- Make sure any employees who authorize the transmittal of funds always obtain a secondary confirmation from the CEO (in person, over the phone or even in a voicemail).
- If you routinely send emails to authorize wires, consider establishing a “code” word or phrase that the CFO knows identifies the CEO in the email. (Note: This may not be failsafe if your email has been hacked and is being monitored.)
As the criminals get more creative and sophisticated, so must we. Please watch out for this latest scam.