The President's Call scam is a real threat to businesses, particularly those that are not prepared for this type of attack. The key to protection lies in vigilance, employee training and the establishment of clear and secure procedures for managing funds. With the right precautions, it is possible to thwart this scam and protect company assets.
The Chairman's call scam, also known as the ‘Chairman's fraud’, is a sophisticated scam that mainly targets businesses.
In this type of scam, fraudsters pretend to be the chairman or a senior executive of a company in order to trick an employee, often in the accounts or finance department, into transferring large sums of money to overseas accounts.
How does this scam work?
The scam relies on meticulous psychological manipulation and advance preparation. The fraudsters start by gathering detailed information about the target company and its management. They then use this information to convince an employee of the legitimacy of their claim.
Here are the typical stages of the scam:
Contact: The scammer calls or emails an employee pretending to be the company chairman or a senior manager. They may use spoofing techniques to make the phone number or email address appear legitimate.
Urgency and confidentiality: The fraudster insists on the urgent and confidential nature of the operation, often under the pretext of a secret acquisition or a critical situation. They put pressure on the employee to act quickly and without consulting other colleagues.
Money transfer: Under pressure, the employee, convinced that he or she is acting in the company's interests, makes the requested transfer, often to bank accounts abroad that are difficult to trace.
What makes this scam work?
Several factors explain the effectiveness of this scam:
In-depth knowledge: Fraudsters learn about the company, its internal organisation, its financial practices and even the personalities of its directors, making their deception more credible.
Psychological manipulation: The fraudster uses manipulative techniques to instil a sense of urgency and duty in the employee, exploiting hierarchy and respect for authority.
Isolation of the victim: By insisting on confidentiality, the swindler isolates the employee from any consultation with colleagues or superiors, preventing any verification that might unmask the scam.
How to protect yourself?
With the rise of the President's Call scam, it is crucial for businesses to put in place robust strategies to protect themselves against this type of fraud. Here are some detailed measures that businesses can adopt to reduce the risks:
Raising awareness and training employees:
Regular training: Organise training sessions to make employees aware of the most common fraud techniques. This training should be regular to keep employees up to date with new fraud methods.
Training scenarios: Use realistic scenarios to simulate a ‘president fraud’ attack. This enables employees to recognise the signs of an attempted scam and know how to react.
Internal communication: Create clear communication channels so that employees can quickly report any suspicious requests or situations that are out of their control. It's important that they know they won't be penalised for asking for further confirmation.
Strict internal procedures:
Double-checking: Introduce a rule whereby any request to transfer funds must be validated by at least two people, regardless of the urgency of the situation. For example, an unusual request from the Chairman might need to be validated by the Finance Director.
Confirmation calls: In the event of an unusual transfer request, the employee must systematically confirm the authenticity of the request by contacting the relevant manager directly, using a pre-registered telephone number, and not the one provided in the initial request.
Cooling-off period: Introduce a mandatory cooling-off period for requests for urgent transfers. This reduces the psychological pressure on the employee and gives them time to check the details.
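The three procedures above can be enforced as a release gate in the payment workflow. The following is an added example, not part of the original article: the thresholds, the definition of an "unusual" request, the directory of pre-registered numbers and all names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values and directory, constructed for illustration.
COOLING_OFF = timedelta(hours=24)
UNUSUAL_AMOUNT = 50_000
KNOWN_BENEFICIARIES = {"ACCT-SUPPLIER-A"}
REGISTERED_NUMBERS = {"chairman": "+00 000 0001"}  # pre-registered, never taken from the request

@dataclass
class TransferRequest:
    claimed_sender: str                     # who the request says it comes from
    amount: float
    beneficiary: str
    received_at: datetime
    urgent: bool = False
    validators: set = field(default_factory=set)
    callback_number: Optional[str] = None   # number actually dialled to confirm

def is_unusual(req: TransferRequest) -> bool:
    """Assumed definition: large amount or a beneficiary not paid before."""
    return req.amount >= UNUSUAL_AMOUNT or req.beneficiary not in KNOWN_BENEFICIARIES

def release_blockers(req: TransferRequest, now: datetime) -> list:
    """Return the controls still outstanding; an empty list means release."""
    blockers = []
    # Double-checking: two people, not counting the unverified claimed sender.
    if len(req.validators - {req.claimed_sender}) < 2:
        blockers.append("TWO_VALIDATORS")
    # Confirmation call: only a call to the pre-registered number counts.
    registered = REGISTERED_NUMBERS.get(req.claimed_sender)
    if is_unusual(req) and (registered is None or req.callback_number != registered):
        blockers.append("CALLBACK")
    # Cooling-off: marking a request urgent delays it instead of speeding it up.
    if req.urgent and now - req.received_at < COOLING_OFF:
        blockers.append("COOLING_OFF")
    return blockers

t0 = datetime(2024, 1, 8, 16, 30)           # constructed sample request
req = TransferRequest("chairman", 480_000, "ACCT-UNKNOWN-X", t0, urgent=True,
                      validators={"accountant"}, callback_number="+00 000 9999")
print(release_blockers(req, t0 + timedelta(hours=1)))
req.validators.add("finance_director")
req.callback_number = REGISTERED_NUMBERS["chairman"]
print(release_blockers(req, t0 + timedelta(hours=25)))
```

The gate returns every outstanding control at once, so the employee can see that a request claiming urgency and secrecy is blocked by policy and not by their own judgement.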
Protection technologies:
Security software: Use technological solutions capable of detecting phishing attempts and spoofing attacks, such as email filtering tools and multi-factor authentication systems.
Automated alert systems: Implement systems that alert managers when unusual transactions or large sums of money are being processed, allowing additional verification before the money is transferred.
Continuous monitoring: Install software that monitors internal communications in real time to detect anomalies or suspicious behaviour, such as attempts at identity theft.
Bank relationship management policies:
Prior agreements with banks: Set up protocols with banks so that they request additional confirmation before processing large or unusual transactions. Banks can act as a safety net by delaying transactions that appear suspicious.
Bank account checks: Ensure that the bank accounts to which funds are transferred are verified and match expectations. If there is a sudden change in the beneficiary account, an additional check should be carried out.
Corporate culture:
Encourage transparency: Promote a culture where employees are encouraged to ask questions and question unusual orders, even if they come from management.
Clarity of responsibilities: Clearly define employees' roles and responsibilities for managing finances and transactions. Everyone needs to know who has the authority to authorise a transfer of funds and under what circumstances.
Collaboration with the authorities:
Rapid reporting: In the event of an attempted or successful scam, it is essential to report the incident to the relevant authorities (police, cybercrime) immediately. A rapid response can sometimes make it possible to block the transaction or trace the fraudsters.
Information sharing: Work with other companies to share information on the latest scam attempts and new methods used by fraudsters. Professional forums or business associations can be useful places for sharing information.