Social Engineering

This is how they often operate, although there can also be other scenarios:

• Tricksters call or e-mail companies and pretend they are auditors or inspectors who have been appointed to make a record of the way the company’s internal payment processes are carried out. Sometimes they claim to be government departments conducting a survey. This enables them to gain an idea of the various employees’ levels of payment authority.
• They then contact those employees with the authority to conduct large payments. The scammers pass themselves off as the CEO or CFO – often from the company’s foreign head office – and talk about the acquisition of a foreign entity or a tax inspection. In all cases, there will be an urgent payment that needs to be made. Of course, the whole thing is strictly confidential and must not be discussed with anyone else.
• Very soon afterwards, they call back again and confirm that the confidential payment needs to be carried out right away.
• If the employee has any doubts, reference is made to his or her authority, flattery is used and the names of important people in the organisation are also mentioned. The fraud succeeds when, in the end, the employee himself or herself makes the payment the scammer is requesting.
• The fraudsters then take the money from the foreign account and disappear into the sunset.