Imagine you’re at work on a typical Monday morning. Suddenly, an email from the CEO hits your inbox. It’s marked ‘urgent,’ so you open it right away. She needs you to wire $15,000 to one of your regular vendors ASAP. You make the wire transfer, and head to the break room to refill your coffee. There’s just one problem – that email wasn’t really from your CEO. And that bank account where you sent the funds? That’s not your vendor’s account. You just sent thousands of dollars to a cyber criminal. Uh oh.
It’s a scheme called executive impersonation, a type of business email compromise (BEC) scheme mentioned in an SEC alert issued last month. Unlike a typical scam email, which may have poor grammar or overly suspicious requests, BEC scams are convincing because the criminals spend time figuring out the corporate culture and common phrases and terms used by employees. CPAs should take note, because scammers could try to perpetrate a similar fraud against their small business clients.