Social engineering

Fraudsters becoming ever more creative: social engineering
Security for payments is becoming stronger all the time. As a result, criminals are trying less often to hack computers and are instead trying to exploit employees' trust, a technique known as social engineering or CEO fraud.

How the fraudsters operate

Step 1: They figure out the authorisations for signing transactions

The fraudster pretends to be an auditor or a person of authority in your company.
He/she approaches various employees by e-mail or telephone and questions them about the signing powers of employees.

Step 2: They contact an employee who is authorised to sign for large amounts

The fraudster pretends to be the CEO, CFO or another person of trust in your company. Under the pretence that it involves the acquisition of a company or a tax audit, the fraudster asks the employee to carry out a large, urgent transaction in secret, in most cases to a foreign account.

Step 3: They persuade the employee to carry out the transaction

If the employee has doubts, the fraudster pulls rank or uses flattery and starts dropping names of important people in order to put the employee under pressure. If the employee executes the transaction, the fraud is a success.

What you should do

  • Limit the individual signing powers of a single employee. Make it a requirement that transfers above a set amount are signed by two or more people.
  • Do not respond to questions from strangers trying to find out who makes payments in your company.
  • Be selective about the information you put on the Internet about your company.
  • Do not act on the basis of an e-mail or telephone request; ask for a personal meeting instead. In any case, contact the person making the call on a known, fixed number.