Think Corporate Finance Execs Can’t Be ‘Phished’? Think Again

Greetings and salutations cherished employee,

This is an email spoofing scam masquerading as an executive or trusted vendor. It goes sort of like this: I am travelling overseas visiting our facilities in Eastern Europe and need funds to confirm our commitment to a building expansion. Please wire 20K Euros to the account below and rest assured you are doing your job well. Your hard work is appreciated.

Best Regards,

Tony Tobias, CFO

The latest online scam to target corporate entities is an elaborate email spoofing system reported by PricewaterhouseCoopers (PwC) through their CFOdirect website. As described in the report, scammers are disguising themselves as CEOs, CFOs and vendors through well-duplicated emails from those sources. Once an employee has been duped, the scammers are often able to get away with funds, sometimes on multiple occasions, before being discovered.

Successful implementation of the scam is a result of hard work on the scammers’ part and poor policies at the targeted organizations. Ultimately though, the responsibility for avoiding being taken by the scam falls on the scammers’ marks. Employees with a poor understanding of computer and Internet technology, combined with a lack of financial oversight mechanisms, make for easy targets. Security countermeasures include keeping employees well-informed of ongoing cyber risk threats and deploying redundant control mechanisms to approve money transfers. While these countermeasures can take time to implement, they are not outside the realm of possibility for any concerned organization.

APQC also has information related to cyber risk management and the changing role of CFOs with regard to enterprise risk management. While the PwC reported scam will pass, other cyber threats to organizations will emerge, often with the backing and resources of national governments. Organizations must prepare in efficient and dynamic ways to anticipate the next round of cyber threats.

