Posted on Friday February 1st, 2019 by Ragnar Sepp

Notification on fraud scheme.

Police and Border Guard Board and Information System Authority would like to inform you about CEO frauds in Estonia.

Lately we have seen an increase in cases where seemingly the CEO or CFO of the company sends and email to an accountant (or an email exchange in some other similar combination) and asks to make a payment to a foreign bank account. Usually the payment amounts are in the range of 10 000 to 100 000 euros.

In these cases, criminals try to confuse the email recipient by creating an email address that visually resembles the sender’s authentic one or take advantage of weaknesses in email authentication methods.

There have also been cases where criminals have obtained access to a company’s email account and monitor the email exchange with a goal to change the bank account information on invoices.

In these cases, the fraud is discovered much later and the amounts stolen tend to be bigger.

We ask you to be extra careful if you notice any of the following:

  • The bank account of your business partner has changed (the reasons given might be audits, restructuring of the company etc.).
  • Sender’s email address has changed.
  • You are rushed into making the payment and directed into one communication channel.
  • Emails are usually short and they might have spelling mistakes or grammatical errors.

If you are a recipient of an email or rushed into making a payment and you become suspicious of the authenticity of the request please contact the company or the person who made the request by using other means of communication (e.g., by telephone). We recommend using a phone number from much older correspondence or from the official web page of the company.

Although double-checking is annoying, it takes only one minute and might save you 50 000 euros.

We do recommend using SPF and DMARC authentication methods for your email systems to decrease the possibilities of spoofing your emails.

Criminals might take advantage of the holiday season when people are in more of a rush to get their work done to spend more time with their families.

If you receive this kind of a phishing email please always inform the Information System Authority (cert@cert.ee) and the Cybercrime Bureau of the Police and Border Guard Board (cybercrime@politsei.ee)