Please beware of attempts to obtain corporate clients’ funds with the use of e-mails sent on behalf of CEOs of companies.
The fraudsters try to convince mBank CompanyNet users that they must make an urgent payment to a foreign account. The request for a transfer is sent in a confidential e-mail from a purported CEO to a person responsible for executing payments.
Usually, the scenario for such fraud has two stages. In the first stage, the victim is asked to provide the balance in the account:
Then, the victim is requested to make a transfer to a bank account held with a foreign bank indicated by the perpetrator (usually, the account is registered in Great Britain or Spain):
The fraudsters use mailboxes created specifically for this purpose, however, in the “FROM” field, there is the CEO’s name and surname. We recommend that you check the sender’s e-mail address carefully. Fraudulent e-mails are sent from unusual domains, for instance @aol.pl. Cybercriminals frequently use an e-mail address similar to the actual e-mail address of a given company.
We recommend that each transaction of this kind be confirmed by telephone with the e-mail sender.
If the transfer to the fraudster’s account has already been made, the victim should immediately contact the bank and inform law enforcement agencies. Please note that in such a situation, prompt reaction is of particular importance as time is the key factor when it comes to recovering the funds subject to fraud.