 "Fake CEOs swindle Rs 7 crore from Delhi firms: Modus operandi explained")
Imagine your boss messages you with an urgent request to transfer money—but it’s not your boss, it’s a scammer. CEO fraud or Business Email Compromise (BEC) scams have become a global threat, with fraudsters impersonating executives to steal billions.
Recently, Delhi Police’s Intelligence Fusion and Strategic Operations (IFSO) uncovered a sophisticated scam where fraudsters impersonate top executives to dupe employees into transferring funds. Over the past two weeks, three cases have been reported in Delhi, with losses exceeding Rs 7 crore, Deputy Commissioner of Police (IFSO) Hemant Tiwari revealed on Monday.
How the scam works
According to the police, scammers create fake WhatsApp profiles using publicly available photographs of company heads, often sourced from social media or official websites. These profiles are then used to contact employees—usually accountants or financial officers—under the pretext of urgent fund transfers for critical projects or meetings.
"The scammers employ pressure tactics, citing tight deadlines or sensitive deals, to compel employees to act quickly without verification," said DCP Tiwari in a statement. The victims are provided with false account details for the transfers, which often go unnoticed until it’s too late.
The police described the three cases:
More From This Section
First incident: An accounts manager received a WhatsApp message from a fraudster impersonating the company’s managing director. Using the company logo as the profile picture, the scammer requested Rs 1.15 crore, claiming it was an advance for a new project. The manager transferred the funds without verification.
Second incident: A chief financial officer was conned into transferring Rs 4.96 crore in two separate transactions. The scammer, posing as the MD, cited urgent government-related contracts and provided detailed financial account information to appear legitimate.
Third incident: A private firm’s accountant was approached by someone impersonating the brother of the company director. The fraudster requested two payments totalling Rs 90 lakh, claiming they were for urgent official work.
Delhi Police have urged companies to establish stringent protocols to prevent such scams. These include verifying requests through direct communication with the purported sender and educating employees about the risks of impersonation.
“All financial officers should cross-check requests with senior officials before making any transactions,” Tiwari added. The police also recommended multi-level approval systems for high-value transfers and regular training sessions for employees to identify potential scams.
BEC scams in focus
Such scams are not unique to India. Around the world, businesses have faced similar challenges, often with massive financial consequences.
Take a look at some of the cases:
Deepfake scam in Hong Kong (2024): A multinational company lost HK$200 million (approximately US$25.6 million) after scammers used deepfake technology to replicate the CFO’s appearance during a video call. This convinced an employee to authorise several large transfers.
UK deepfake CEO scams (2023): At least six major UK companies, including some FTSE-listed firms, were targeted by cybercriminals using AI-generated deepfakes. Fraudsters mimicked executives via WhatsApp messages and voice notes to facilitate fraudulent transfers.
Toyota Boshoku Corporation (2019): The Japanese subsidiary of Toyota suffered a $37 million loss when attackers impersonated an executive via email. The fraudulent emails were convincing enough to prompt a large wire transfer.
Ubiquiti Networks (2015): A technology firm in the US lost $46.7 million in a BEC attack. Scammers, posing as company executives, used email to direct employees to transfer funds into accounts under their control.
Crelan Bank (2016): This Belgian bank discovered a €70 million fraud during an internal audit. Criminals impersonated executives to authorise the transfer.
Pathé Theatres (2018): The French cinema chain lost over €19 million when fraudsters, pretending to be the CEO, tricked finance managers into wiring funds for a fictitious acquisition.
MacEwan University (2017): The Canadian university fell victim to an $11.8 million scam after attackers posed as a senior executive, requesting transfers to fake vendor accounts.
Leoni AG (2016): A German cable manufacturer lost €40 million after being targeted in a BEC scam. The emails, crafted to appear from a senior executive, successfully deceived employees handling financial transactions.
Financial impact
Between 2013 and 2023, the FBI recorded BEC-related losses totalling $55.5 billion globally. These scams have affected organisations in 186 countries, with fraudulent transfers reported to over 140 nations.
FBI suggests ways through which organisations can protect themselves:
Verify requests: Always confirm unexpected or urgent fund transfer requests through direct communication with the sender.
Implement multi-factor authentication (MFA): Adding another layer of security to email accounts and transactions can reduce vulnerability.
Employee training: Regular sessions on scam awareness and vigilance can help employees spot potential fraud.
Secure email systems: Use anti-phishing tools and email filters to block suspicious messages.
Adopt strict protocols: Multi-level approvals for financial transactions and internal checks can prevent fraudulent authorisations.