The first time I got an email from my son “reminding” me to wire funds, I thought it peculiar. As it happens, our desks are only 30 feet apart.
“Scam,” he pronounced.
How can you tell? was my question.
As a mother, I’ve had calls from kids asking for money in the middle of the night. Letters from camp some thirty years ago pleaded for cash to spend on candy. The envelope, by the way, was mailed USPS, addressed to MOM with an incomplete address, and included a couple of spent shell casings from camp target practice (it was another era). The sender was eight at his first sleepaway camp.
By the time my kids were in college I had come up with a genius idea which I never got around to patenting—a voice recording that went like this: “I’m not in, but please use the touchtone system to leave your message: Dial 9-1-1 if this is a medical emergency. Press 1 if you’re calling to request money. Press 2 if this is for books. Press 3 if it’s for bail. Press 4 if the cash is for other purposes. Enter the amount needed including decimals. Sorry I didn’t get that…please repeat. Oops…out of time…see you at Christmas.”
CNBC’s Financial Times reported today that cyber criminals hauled in more than $2B over the past two years with the “CEO Fraud” scam. The email impersonates the accounts of chief executives and requests funds to be wired. Some 12,000 victims got hooked into wiring funds when receiving the same email I supposedly received from the company president, who happens to be my son.
What can be done to protect against becoming a victim of the CEO scam?
Set internal policy. Agree between management, managers, boards of directors, financial department directors to never-never-never-never email instructions to wire funds. And never follow those instructions when received by email. Does this cause payment delays? Sometimes, probably. But it could save you millions and inspire a conversation.