Bogus Boss or CEO fraud as it is also known has come to prominence in the UK during 2015. Action Fraud has recorded 994 reports in the second half of 2015, contributing to an overall reported theft through this ruse of £32m. Only £1m of this amount has been recovered at present.
What is a Bogus Boss fraud?
The fraud is relatively basic in premise. The perpetrators will pose as a senior member of an organisation to target its finance department, in an attempt to convince the staff to make payments to bank accounts controlled by the fraudsters.
Despite the overall simplistic nature of the scam, the fraudsters are highly skilled and will add credibility to their request through emails and phone calls. In many cases the email will appear to originate from an internal source and will even contain the usual sign off or footer. The psychological manipulation of receiving an urgent request from a senior member of staff is aimed at not letting the target fully analyse the request.
Size of UK targets so far
The largest single reported theft so far is £18.5m from a global healthcare company. The financial controller received several phone calls and emails during the space of a few hours, which resulted in £18.5m being transferred into accounts in China, Hong Kong and Tunisia.
Action Fraud has reported that the average theft is £35,000, which indicates that companies of all sizes should be on alert. Furthermore Experian’s 2015 report illustrates that London and the East of England are the UK hotspots for 3rd party fraud. Consequently businesses in East Anglia should be particularly cautious.
It is likely that the Bogus Boss method will continue to gain popularity with criminals due to the small initial investment which is required, unlike malware for example, which will require development followed by continuous updates to maintain functionality. There is also a wealth of publicly available information, such as LinkedIn, which can be engaged to select targets and gather information to make the request appear more plausible.
This type of fraud has been popular in other jurisdictions for a number of years. Since 2010, French businesses have lost at least €465m, with attempts to take a further €830m. In the US, $740m has been reported stolen in the last 2 years.
Overall fraud landscape
The overall fraud landscape seems to changing. This is supported by Experian’s 2015 fraud survey exhibiting the continuing shift from 1st party to 3rd party frauds, with a fraud now most likely to be perpetrated by an external party.
The sizeable swing towards 3rd party frauds in recent years means that businesses need to be ever alert to threats which they cannot monitor.
The likely growth of Bogus Boss frauds, combined with the East of England being a hotspot for frauds committed by external parties, means that businesses in East Anglia, regardless of size, should ensure that they have suitable safeguards in place to mitigate their risk.
The forensics team at Ensors have considerable experience in performing reviews of a business’ internal systems and controls and also in investigating suspected frauds. We would be pleased to answer any queries regarding ensuring your business is ready to face the threats outlined in this article.