To be or not to be your CEO. That is the question.

Would you be able to spot a deep fake video of your CEO? Companies should prepare for the next wave of cybercrime in which criminals use AI-based software to impersonate voices and images. In this frightening new world, rigorous processes are key to managing a swift response to fraud, says Joe Hancock

How well do you know your CEO? This year criminals used AI-based software to impersonate a chief executive’s voice to defraud a UK-based energy firm out of €220,000. Experts believe the fraud was the first to be reported in Europe in which criminals clearly drew on AI, so companies should be prepared. The next wave of cyber fraud is expected to be ‘spear phishing’ – attacks that target individual CEOs and their companies using AI-generated voices, deep fake videos and more.

Cyber fraud is a booming business. It is predicted to cost the global economy $6 trillion by 2021 and can affect anyone or any company. It used to be considered a legal or revenue-protection problem, but these days it increasingly involves chief information officers, chief technology officers and chief information security officers. And rightly so. My own experience, however, indicates that many organisations are simply not prepared. There is a widespread failure to recognise that financial fraud is a risk that comes under their watch.

Without doubt, there is a need for more education about financial fraud, including the rapidly evolving technological weapons available to criminals and what can be done in terms of protection. But equally important is the need to establish effective anti-fraud processes within organisations. All too often, we see the window to recover funds has long since closed because responsibilities were unclear and processes not followed.

Speed is of the essence to combat cyber fraud, but you can only be quick if you know what to do. First, identify those who must be told of possible frauds – this may vary according to how big the fraud is. Make sure those people know they are responsible and that they understand the next steps. Our advice is always to follow the money first and investigate afterwards because this maximises the chances of recovery. Only if you have the resources should you attempt the two in parallel.

In a small company, the person assigned to dealing with fraud may have several other responsibilities; in a large organisation, the chances are it will be the chief information security officer. Again, our advice is to make sure you address the risk to your organisation with the appropriate level of resources and build fraud risk management into other risk-management processes such as tech, cyber, data and environmental risk.

Hold regular workshops to keep staff informed and alert about the risk of fraud and make them aware of how phishing and spear phishing are used to get emails, passwords and bank details. Explain how fraudsters access personal details to try to trick a victim and how they can impersonate customers, suppliers, banks, senior staff members and even the tax authorities.

Employ real-time threat software that can raise an alert when something goes wrong. Have processes within the accounts department to check payments and use two-person authorisation for larger transfers and payments. Whatever processes you put in place, ensure all staff realise the importance of following them at all times.

Foster a culture of care – and make sure that anyone who questions a payment or email that turns out to be bona fide is not made to feel bad, and is perhaps even rewarded. Time and again, a fraud is successful because people haven’t followed process, particularly when the order for payment has come from a senior member of staff. The natural inclination is to obey the hierarchy.

Next time you hear from the CEO it might not be by email; it might be a FaceTime call. You might be asked to transfer £20,000 to a Swiss bank account and congratulated at the same time on your recent wedding. Just because it looks like the CEO doesn’t mean it is the CEO. And just because you got married recently and the company gave you a nice gift, it doesn’t mean the CEO knew about it. The fraudsters did their research. Think twice. Think process.

Joe Hancock is Partner and Head of Cyber at Mishcon de Reya

Keep reading

OffshoreAlert – Marbella – 19-21 June 2024
We are excited to that our sponsors Grant Thornton UK LLP, Kevin Hellard and Colin Diss are attending and sponsoring OffshoreAlert Marbella! Get ready to experience an unforgettable blend of business and pleasure at OffshoreAlert Marbella 2024! Set against the stunning backdrop of the Kempinski Hotel Bahía in Estepona, Spain, this premier event will take place from June 19-21. Join us to
‘Project Prevenirea și Perturbarea’ (Project Prevent & Disrupt (PSP)), Press Release, STOP THE TRAFFIK
With funding from the UK Home Office and British Embassy Bucharest, as well as the International Fraud Group, STOP THE TRAFFIK (STT) launches ‘Project Prevenirea și Perturbarea’ (Project Prevent & Disrupt (PSP)), a programme aiming to disrupt sexual exploitation between Romania and the UK. Right now, the Romania to UK route is heavily run by
IFG Flagship Fraud Conference. At the Epicenter! Hong Kong, 25th April 2024!
We were delighted at the success of our Spring Conference which was hosted in Hong Kong by Mishcon de Reya LLP in association with Karas So LLP at the Asia Society. A Welcome Address was given by our IFG Chairman Gary Miller and Kevin So, Partner at Karas So LLP which then followed Ken Peng as our Keynote speaker. We had four great panels
Black Swan free-standing orders available in Cyprus!
Introduction ‘Black Swan’ freestanding injunctions in aid of foreign substantive proceedings, have been available in the BVI since 2010, making the BVI a very appealing jurisdiction for claimants seeking to safeguard their interests. However, in May 2020 the Eastern Caribbean Court of Appeal in Broad Idea International Limited v Convoy Collateral Limited BVIHCMAP2019/0026, directly overruled Black Swan. Then,