RGP issues “CEO” Fraud warning

Local businesses are being targeted by fraudsters purporting to be Chief Executive Officers, Senior Management representatives, and in some cases prominent private clients, police have said.

The Royal Gibraltar Police has issued a warning following an increase in reports of ‘CEO or Client Impersonation’ scams, as well as advice to avoid becoming a victim of such crimes.

The Fraud Squad, one of the components of the RGP Economic Crime Unit, is currently conducting two parallel investigations with the UK Metropolitan Police and with close liaison with the National Crime Agency and the National Fraud Intelligence Bureau, with both cases relating to “CEO Fraud” where victims suffering losses of between £10-40,000.

‘CEO or Client Impersonation’ scams, police said, usually manifest themselves in the form of emails requesting payment to be made on the same day, often providing a seemingly satisfactory explanation for the urgency.

Police advise that emails are often received when the ‘sender’ is away from the office, making it difficult for the recipient to check whether or not it is genuine.

In addition, the fact that the email seems to originate from a senior person in the organisation or a known client can make these requests more believable, and likely to result in payment being made, than a traditional “phishing” email.

Fraudsters often achieve the “impersonation” by either hacking into a senior figure or client’s email account, spoofing the sender’s/client’s actual address or use one that is very similar, but almost indistinguishable.

Their scam can also be aided by gathering information about the targeted organisation and the relevant people in it through social engineering techniques or other underhand methods, or even via legitimate methods such as LinkedIn.

In some cases, the email is followed by a call from the supposed payee, providing payment details.

The risk, police said, lies in the belief that you are making payments to suppliers or other legitimate third parties when, in fact, you are paying fraudsters impersonating a senior officer in your organisation or a known client.

To protect your business from such scams police urge people to be vigilant for payment requests that are unexpected or irregular, whatever the amount involved.

“Always check with the person you believe sent the email, however senior or busy, that the request is from them. If they’re not available and the email has requested urgency, check with one of their senior colleagues.”

“Do not do this by email in case someone’s account has been compromised. Instead, make a phone call, ask in person or use some other trusted communication method.”

“If in any doubt, do not make the payment, however urgent it may seem or whatever the suggested outcome(s).”

If you feel you may have been targeted by CEO fraud, contact the Economic Crime Officers by email at ecu@royalgib.police.gi for further information.