The Phishing Threat From The Corner Office

Last year, a finance team member at global toy manufacturer Mattel sent more than $3m to a fraudulent account in China, after a finance executive was fooled by a message he thought was from his new boss, a recently appointed chief executive.

It isn’t just the maker of the Barbie doll line that has been a victim of the latest ‘CEO fraud’. There’s also the case of Austrian aerospace parts maker FACC, which dismissed some of its most senior C-suite staff after losing an eye-watering €42m in a similar email fraud.

CEO fraud is a major problem, as the BBC recently pointed out in an article whose headline sums it up succinctly: ‘Could you be sending your firm’s cash to fraudsters?’ The piece quotes some hair-raising statistics: the FBI says CEO fraud has risen by 270% since January of last year alone, costing the global economy at least $3bn over the past three years, while invoicing company Tungsten Network says that tricking companies into sending invoice payments to the wrong people costs UK companies about £9bn a year.

There’s always going to be a danger around internal fraud, but this kind of external fraud is a problem too. Indeed, CEO fraud’s amazing boom is a particular concern. One can’t help but agree with Steve Proffitt, deputy head of Action Fraud, the UK’s reporting centre for fraud and cyber crime, that “Employees should be encouraged to double check everything they do.”

But that can be a big ask for people working at full capacity, who will simply let things slip from time to time. So what do we do – do we just accept there will always be some ‘shrinkage’, shrug and write it off?

No. We can do more, and should. The main thing to attack when it comes to any kind of fraud is the information gap. Someone in Finance fully armed with the information would never do what the employees at Mattel and FACC did. The challenge is to narrow that information gap as far as possible, and to close it for good if we can.

Control backed by full digital access to relevant information is the way forward here. Have I ever had this kind of email before? Has it ever come from this person before? What do I know about this person? Any kind of unusual behaviour should be flagged up automatically, with the help of a supportive anti-fraud system, ideally fully integrated into a robust, modern contract management platform.
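One way to automate the three questions above, as an added example that is not from the original article or any product it mentions; the keyword list, field names and sample messages are constructed assumptions:

```python
from collections import Counter

# Assumed keyword list for spotting payment requests; tune for your own mail.
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice", "bank details")

def is_payment_request(msg):
    text = f"{msg['subject']} {msg['body']}".lower()
    return any(word in text for word in PAYMENT_WORDS)

def build_history(past_messages):
    """Index earlier mail by sender address and by display name."""
    seen, paid, names = Counter(), Counter(), {}
    for m in past_messages:
        addr = m["from_addr"].lower()
        seen[addr] += 1
        if is_payment_request(m):
            paid[addr] += 1
        names.setdefault(m["from_name"].lower(), set()).add(addr)
    return seen, paid, names

def review_flags(msg, history):
    """Return reasons a payment request should be held for a second check."""
    if not is_payment_request(msg):
        return []
    seen, paid, names = history
    addr, name = msg["from_addr"].lower(), msg["from_name"].lower()
    flags = []
    if seen[addr] == 0:        # Has it ever come from this person before?
        flags.append("sender address never seen before")
    elif paid[addr] == 0:      # Have I ever had this kind of email before?
        flags.append("first payment request from this sender")
    known = names.get(name, set())  # What do I know about this person?
    if known and addr not in known:
        flags.append("display name previously used a different address")
    return flags

# Constructed sample mailbox and incoming message (not real data).
HISTORY = build_history([
    {"from_name": "Dana Reyes", "from_addr": "dana.reyes@corp.example",
     "subject": "Q3 board deck", "body": "Draft attached."},
    {"from_name": "Accounts Payable", "from_addr": "ap@supplier.example",
     "subject": "Invoice 1042", "body": "Due in 30 days."},
])
INCOMING = {"from_name": "Dana Reyes", "from_addr": "dana.reyes@corp-mail.example",
            "subject": "Urgent wire transfer", "body": "Please send today."}

if __name__ == "__main__":
    for reason in review_flags(INCOMING, HISTORY):
        print("HOLD:", reason)
```

A flagged message is a prompt for an out-of-band check with the named sender before any money moves, not a verdict that the mail is fraudulent.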

The lesson has to be that it’s unmanned processes that are the problem – that 20%. It’s the job of thedmcollaborators community and information management practitioners generally, I believe, to offer useful ways to avoid any more Mattels – and to help put all these siphoned-off billions back in the hands of consumers, shareholders and the supply chain.


Howard Frear is Sales and Marketing Director at EASY SOFTWARE UK
