CEO fraud – the fastest growing fraud in the UK

18 Dec 2017

Fraud in the UK is on the rise – in no area do we see this trend more acutely than within the private sector. According to recent research by the Office for National Statistics (ONS), the UK’s police forces had recorded an estimated 10.8 million criminal incidents in the year to June… 5 million of these offences included fraud, online crime and computer misuse – up four per cent on 2016 figures.  

Despite 3.5 million cyber-crime incidents recorded, experts believe that the true figure could be closer to 20.5m. The Crime Survey for England and Wales (CSEW) believes that just 17% of fraud incidents actually come to the attention of the police or Action Fraud. Estimates now place the cost of fraud to the UK’s private sector at £144bn per year. Phishing attacks in particular have risen by more than a fifth in the year to May 2016 – costing over £280m alone.

A phishing attack is defined by the United States Computer Emergency Readiness Team (US-CERT) as: “An attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual.” Such attacks are directly targeted at users, with the aim of having them click on a malicious URL for financial gain.

One of the most prevalent forms of fraud in this landscape, however, is that of CEO fraud – a sub-group of the aforementioned ‘phishing attack’ aimed at high-ranking company employees. Instead of a generic email with a low likelihood of the recipient clicking the link, hackers can spend days researching and finely crafting each iteration. The attack can feature company email signatures, real names, and even accurately spoofed email addresses. The issue with this type of fraud is simple – the emails look as realistic as possible, and have a high chance of success.

In line with this risk, Action Fraud has now issued a warning – advising businesses to be on “high alert”. The watchdog highlighted 994 reports of fraud between July 2015 and January 2016 at a value of £32m. Considering that CSEW believes only 17% of said frauds are reported, this figure could be significantly higher – almost 6,000 reports, accompanied by over £188m in lost funds. Whilst Action Fraud notes the average amount given to hackers is equal to £35,000, the highest it has noted is £18.5m.

The solution recommended by Action Fraud is one of constant vigilance – education of staff, the firm believes, is essential to maintain security. The watchdog lists a number of strategies to avoid the threat of CEO fraud: ensuring all staff are aware of the threat, putting verification protocols in place, reviewing financial transaction inconsistencies, and minimising the publicly available information on the company. In closing, Action Fraud specifies one of the most effective strategies is to ensure computer systems are secure.

For legal professionals, fraud is one of the fastest growing issues – often with financial lenders set against the organisation the funds have been stolen from. Whilst cyber insurance is indeed a mitigating factor, even a small percentage of these issues making it to court will result in a greater need for lawyers and solicitors. Fraud isn’t going anywhere. At Kaplan Altior, we offer a Certified Fraud Examiner qualification for legal professionals – currently the only CFE course in the UK.