Digital fraud: the fake CEO of the international group

24 April 2024

Italy

Banking

Summary: Corporate fraud has taken new and insidious forms in the digital age. One of these puts multinational groups in the crosshairs: it is the so-called “CEO Fraud.” This type of fraud is based on the fraudulent use of the identity of top corporate figures, such as CEOs or board chairmen. The modus operandi is devious: the fraudsters pose as the CEO or a senior executive of the multinational group and directly contact the Chief Financial Officers (CFOs) of the subsidiaries or affiliates, simulating a nonexistent confidential investment transaction to induce them to make urgent transfers to foreign bank accounts.

Background and dynamics of the CEO Fraud

CEO Fraud is a form of scam in which criminals impersonate senior management figures to trick employees, usually CFOs, into transferring funds into bank accounts controlled by the fraudsters. The choice to use the identities of apex figures such as CEOs lies in their perceived authority and ability to order even large payments, requested urgently and with instructions for strict confidentiality, without raising immediate suspicion.

Fraudsters adopt various communication tools to make their fraud attempts credible: at the starting point is usually a data breach, which allows criminals to gain access to the contact details of the CEO or CFO (email, landline phone number, cell phone number, whatsapp or social media accounts) or other people within the administrative office with operational powers over bank accounts.

Sometimes knowledge of this information does not even require illegitimate access to the company’s computer systems because those targeted by the scam spontaneously make this information public, for example, by indicating it on their profiles on the company website or by publicly displaying contacts on profiles in social media accounts (LinkedIn, Facebook, etc.) or even on presentations, business cards and company brochures in the context of public meetings.

Still other times, scammers do not even need to appropriate all the data of the CEO they want to impersonate, but only the recipient’s, and then claim that they are using a personal account with a different number or email address than those usually attributable to the real CEO.

Contacts are typically made as follows:

WhatsApp and SMS: The use of messages allows for immediate and personal communication, often perceived as legitimate by recipients. The fake CEO sends a message to the CFO using a cell phone number from the country where the parent company is based (e.g., +34 in the case of Spain), writing that it is his personal phone number and using a portrait photo of the real CEO in the WhatsApp profile, which reinforces the perception that the fraudster is the real CEO.
Phone calls: after the initial contact via text message, a phone call often follows, which may be either directly from the fake CEO or from a self-styled lawyer or consultant instructed by the CEO to give the CFO the necessary information about the fake investment transaction and instructions to proceed with the urgent payment.
Email: as an alternative to or in addition to texts and phone calls, communications may also go through emails, often indistinguishable from authentic ones, in which text formats, company logos, signatures, etc. are scrupulously replicated.

This is possible through various email spoofing techniques in which the sender’s email address is altered to appear as if the rightful owner sent the email. Basically, it is like someone sending a postal letter by putting a different address on the back of the envelope to disguise the true origin of the missive. In our case, this means that the CFO receives an email that-at first glance-appears to come from the CEO and not the scammer.

We also cannot rule out the possibility of fraudsters taking advantage of security holes in corporate systems, such as directly accessing internal chats within the organization.

In addition, the increasing popularity of morphing tools (i.e., creating images with human likenesses that can be traced back to real people) may make it even more difficult to unmask the scammer: to messages and phone calls we could, in fact, add video messages or even video lectures apparently given by the real CEO.

The (fake) takeover of a competitor company in Europe

Let us look at a real-life example of CEO Fraud to illustrate the practical ways in which these frauds are organized.

Scammers create a fake WhatsApp profile of the self-styled CEO of a multinational group based in Spain, using a Spanish phone number and reproducing the profile photo of the authentic CEO.

A message is sent through the fake account to the CFO of a subsidiary in Italy, announcing that a confidential investment transaction is underway to acquire a company in Portugal. This will require transferring a large sum to a Portuguese company the following day at a local bank.

The message stresses the importance of keeping the transaction strictly confidential, which is why the CFO cannot disclose the payment request to anyone: a confidentiality agreement from a (fake) law firm is even emailed before payment is made, which the CFO is persuaded to sign and return to the phantom lawyer in charge of the transaction.

Instructions for proceeding with the transfer are emailed to the CFO, again stressing the urgency of making the payment on the same day.

The day after arranging the transfer, having heard nothing more from the fake CEO, the CFO arranges to contact him at his corporate phone number and discovers the scam: by that time, however, it is too late because the sums have already been transferred by the criminals to one or more current accounts in foreign banks, making it very difficult, if not impossible, to trace the funds.

The main features of CEO fraud

Persuasion: the fact that fraudsters impersonate apex figures and make the CFO feel invested in important duties generates in the victim a desire to please superiors and to let their guard down.
Pressure: fraudsters instil a great sense of urgency, demanding payments extremely quickly and intimating secrecy about the transaction; this causes the victim to act without thinking, trying to be as efficient as possible.
Speed: It is good to know that a request for an urgent wire transfer cannot be withdrawn, or can be withdrawn by recall only under extremely tight deadlines; fraudsters take advantage of this to pocket the sums at banks that are not too scrupulous or to move them elsewhere, at most within a few days.

How to prevent these scams

CEO Fraud schemes can be very sophisticated, but they often have signs that, if recognized, can stop a scam before it causes irreparable damage.

The main clues are the atypical modes of contact (whatsapp, phone calls, emails from the fake CEO’s personal accounts), the request for strict confidentiality about the transaction, the urgency with which large sums are requested, the fact that the transfer is to be made to banks abroad, and the involvement of companies or individuals never previously mentioned.

To prevent scams such as CEO Fraud, corporate training of employees on how to recognize and respond to scams is crucial; it is also essential to have robust internal security procedures in place.

First, an essential and basic precaution is to adopt verification systems that scan e-mail messages for viruses and flag the origin of the e-mail from an account outside the corporate organization.
Second, it is critical that companies implement clear processes for payments to third parties, especially if the arrangements are different from the company’s standard operations. One way to do this is to provide value limits on the powers of disposition over current account operations, beyond which dual signatures with another director are required.
Finally, and generally, it is good to adopt all the rules of common sense and diligence in analyzing the case. Better to do one more internal check than one less; for example, in the case of a particularly realistic but nonetheless unusual request, forwarding the exchange with the alleged scammer to the address we believe to be real and asking for further confirmation in the forward email, rather than responding directly in the email loop, allows us to tell if the sender is bogus.

Legal actions to recover funds.

After the fraud is discovered, it is crucial to act quickly to increase the chances of recovering lost funds and prosecuting those responsible.

Possible Legal Actions

Prompt notification to the company’s bank to block or recall the wire payment, in addition to a timely criminal complaint in the country where the bank receiving the payment is based, are immediate steps that can help contain the damage and begin the recovery process.

In fact, in many countries, the pattern of CEO Fraud is well known, and specialized law enforcement units have the tools to move in a timely manner following a report of the crime.

Criminal investigations in the country of payment destination also allow for verification that they are the account holders and the people involved in the scam attempt, in some cases leading to the arrest of those responsible.

After attempting to obtain a freeze on the transfer or funds, it may then be possible to assess the behavior of the banking institutions involved in the affair, particularly to verify whether the beneficiary bank properly complied with its obligations under anti-money laundering regulations, which impose precise obligations to verify customers and the origin of funds.

Conclusions

CEO Fraud is a significant threat to companies of all sizes and industries, made possible and amplified by modern technologies and the globalization of financial markets. Companies must remain vigilant and proactive, continually updating their security procedures to keep pace with fraudsters’ evolving techniques.

Investment in training, technology and consulting is not just a protective measure, but a strategic necessity for business operations.

Finally, if the scam is successfully carried out, it is crucial to take prompt action to try to block the funds before they are moved to bank accounts in other countries and thus made untraceable.

Summary

The reform of the Brazilian Bankruptcy Act brings forward important changes in both reorganization procedures and liquidation measures.

When the Brazilian Bankruptcy Act was about to reach its 15^th Anniversary, a major amendment was enacted. It was needed, in fact. Over the past 15 years, creations of the Bankruptcy Act have been tested, and practical experiences showed that some tools needed adjustments, and others demanded complete change.

The goal of this article is to list the top five most relevant novelties.

#5 – Reorganization plan presented by creditors

Before: the amendment, the construction of the reorganization plan was exclusively the responsibility of the debtor. If the majority of the creditors’ meeting decided to reject the plan, the automatic consequence would be the conversion into bankruptcy (liquidation).

Now: in cases like this, the creditors have the right to present an alternative judicial recovery plan. As a result, creditors assume a more relevant role in corporate restructuring.

#4 – Mediation focusing on the turnaround

Mediation is now encouraged in ongoing judicial reorganization processes so that creditors and debtors may find a way out to overcome the crisis.

The most important novelty is the anticipated mediation, which goal is to avoid reorganization and liquidation. In this procedure, the debtor convenes creditors for a mediated negotiation, and they may seek the judge for an order to stay enforcement measures.

#3 – Distressed assets operations

The disposal of debtor’s assets is now simplified in both judicial reorganization and bankruptcy. Particularly in bankruptcy – in which case maximizing the use of assets is essential – the law authorizes the anticipated sale, adjudication by creditors, and even the donation of assets that creditors are not interested in acquiring.

Besides that, the distressed assets acquisitions and M&A deals are now safer, with a clearer legal provision of a liability shield in favour of the purchaser.

#2 – Debtor-in-Possession (DIP) Financing

The lack of incentive to finance the debtor undergoing judicial reorganization has always been a reason for criticism by stakeholders. In the absence of legal provisions, potential financiers could be insecure about the risks of the operation and the lack of clear advantages to offset the risk.

The complaints were addressed with the legal treatment of the debtor’s financing during judicial reorganization. This type of financing is known as Debtor-in-Possession (DIP) Financing.

The debtor is allowed, through judicial authorization, to conclude financing contracts to pay for the maintenance of his activities and assets, as well as to be liable for restructuring expenses.

As a guarantee for the financing, the debtor may offer his own assets and rights or those of third parties, even if they belong to non-current assets, that is, assets not originally intended for sale, but which serve the business structure (machinery, for example).

#1 – Cross-Border Insolvency

Brazilian law finally incorporated the Uncitral Model Law on Cross-Border Insolvency. An integrated world full of global companies imposes the need to provide for specific rules on cross-border insolvency, which were hitherto non-existent, in order to eliminate the insecurity about the reach of foreign procedures for Brazilian creditors and about the effect of Brazilian procedures for foreign creditors.

We now have a new panorama, with the possibility of procedures abroad having effects in Brazil and also of Brazilian procedures reaching foreigners.

There is a detailed treatment of the participation of foreigners in Brazil and the international cooperation between judges and other authorities to put the fundamental principles that govern the entire insolvency system in motion, namely, the improvement of legal certainty, efficient management of the processes, maximization of assets, preservation of the company, and optimization of asset liquidation.

These are the five main new features, in a nutshell. If you are interested in learning more about any of these topics or if you want to stay updated on insolvency – turnaround in Brazil, please get in touch.

On 6 January 2022 Ukraine finally cancelled almost a two-year long moratorium for the creditor-trigged insolvencies. The moratorium was imposed in the late spring 2020 as a part of the nation’ response to first wave of COVID pandemic.

In a nutshell, the moratorium prohibited creditors from requesting insolvency action against those debtors whose obligations matured after 12 March 2020. A separate set of measures also lifted an early warning duty obliging directors of the companies in distress to file for insolvency within one month from a moment when the distress appeared.

The moratorium was heavily criticized by both domestic and international creditors, who legitimately blamed it for a non-selective approach.

As further 2021 statistic shown, the moratorium never seemed to reach a goal proclaimed by it authors and made no increase for insolvency relief requests by the debtor companies.

Instead, the country has been facing a steady increase in “zombie” companies having little to none liquidation value – and their owners clearly intending to get away with no creditor repayment.

With the moratorium being lifted off the creditors do expect to show no mercy to their Ukrainian debtors. This particularly worries those debtors potentially involved in wrongful trade or fraudulent action. Even with the moratorium in place in 2021 Ukrainian courts confirmed more than UAH 150 mln in creditors loss to be paid by the insolvent companies’ management and owners themselves. This number is expected to triple in 2022 – and there already were Supreme Court’s 2021 judgements confirming liability of the real owners standing behind opaque shareholder company and nominal directors.

As the creditors’ agitation grows, so do the debtor company owners’ concerns. As the owners\management liability process is extremely bespoke and often requires swift action, it is of crucial importance to get a throughout legal advise on either side – and much better to do that before the actual claim has been brought.

Lebanon’s secure banking sector plays an important role in the country’s stability and economic status. High liquidity and compliance with all international regulatory standards make it one of the most profitable in the region.

Stability

The Lebanese banking sector owes its solidity primarily to the stringent policies applied by the Lebanese Central Bank (LCB). Efforts are constantly being made to fight money laundering and terrorism funding.

The Lebanese diaspora also contributes to the stability through the flux of transfers and deposits of extraterritorial income. Compared with an estimated population of 4.9 million inhabitants, about 16 million Lebanese live abroad, largely engaged in trade and finance, and mainly concentrated in South America.

The banking sector’s stability is also bolstered by the currency exchange rate, which has been stable since 1997, when the Lebanese Pound (LBP) was pegged to the United States Dollar (USD) at a rate of 1507.5 LBP to the USD.

Banking Secret and Automatic exchange of Information

The Lebanese Banking Secrecy Law of September 3, 1956 was a key aspect in the expansion of the sector. Bank secrecy is applied to any bank operating in Lebanon, local or foreign, and prohibits the disclosure of any details or information about any account or accountholder. For long time this law has increased confidence in Lebanese banking together with the amount of foreign capital coming into the country.

Before the last economic and financial global shocks, the veil of banking secrecy could be lifted only with prior approval of the accountholder, in case of bankruptcy; for the exchange of information between banks about indebted accounts; and in case of legal actions between a bank and a client or illicit enrichment.

Nowadays, banking secrecy does not apply to US citizens because of the Foreign Account Tax Compliance Act (FATCA) that requires foreign banks to report American accountholders to the tax authority of the US. Even though Lebanon has not agreed to be FATCA compliant as a whole, individual Lebanon banks have agreed to comply.

Moreover, in 2016 Lebanon joined the Global Forum on Transparency and the Automatic Exchange of Information (AEOI) for tax purposes, committing to implement a series of regulatory reforms to better comply with the Common Reporting Standards of OECD.

Consequently, if the requested information is protected under the Banking Secrecy Law of 1956, the request will be forwarded to the Special Investigation Commission (SIC) at the Central Bank with an opinion from the Ministry of Finance for review before it can be disclosed to the foreign tax authority based on an information exchange agreement.

The regulatory framework and supervision of the banking sector is already in compliance with international standards, such as Basel I, II, and III. Abiding by these laws does not eliminate banking secrecy. New regulations just aim to provide a more effective tool to counter the fight against tax evasion and to track suspicious operations for money laundering purposes, or self-laundering, based on tax offenses.

According to the AEOI, starting from September 2018 Lebanese Tax Authority will exchange information automatically on non-residents, and will have access to information on residents who hold assets abroad. No issues for Lebanese residents.

The new legislation will impact: banks, brokers, trusts, fiduciaries, insurance companies, although only for a few products, and certain collective investment funds.

Corporate Governance

As part of the strategy to integrate Lebanon further into the international community and the global economy, corporate governance in banks is necessary to guarantee fairness, transparency and accountability.

It is mandatory for banks while optional for other companies. In fact, an innovation took place in the banking sector on July 26, 2006 when the Governor of the Lebanese Central Bank enacted the Basic Decision No. 9382 to order to comply with the banking rules instituted by the Basel Committee.

Account freedom and flexibility

Lebanese banks are known for being open to foreign investors and have branches worldwide. Foreign individuals or companies can easily open a bank account in Lebanon in any currency and benefit from all banking advantages offered to Lebanese citizens. Further, amounts deposited in Lebanon are exempt from taxes and the interest received is subject to a tax rate of 5-percent.

The author of this post is Claudia Caluori.

From 18 January 2017, the new European Regulation 655/2014 establishing a European Account Preservation Order procedure to facilitate cross-border debt recovery in civil and commercial matters will enter into force.

The Regulation foresees in a procedure to seize bank accounts of your debtor in other EU Member States (except when your debtor is domiciled in United Kingdom or Denmark), without that the debtor is notified hereof. The debtor will only notice once the seizure is into force.

Such cross-border seizure can be obtained before the Courts of an EU Member State who would have jurisdiction on the merits of the case under the EU Regulation 1215/2012 (Brussels I bis).

The seizure can be requested before, during or even after the procedure on the merits of the case. The request has to be filed using a standard document.

To grant the request, the Court will have to examine 1) if there is urgency (periculum in mora) and 2) if there is on basis of the provided evidence enough reason to assume the Court will also decide in favor of the creditor in the proceedings concerning the merits of the case (fumus boni iuris). Although these principles are not unknown to national legislation, both will have to await the autonomous interpretation by the European Court of Justice.

The new EU Regulation 655/2014 is however not created to bully any unwilling debtor by filing preservation order after preservation order. The Regulation foresees 2 mechanisms to avoid such practices:

According to art. 12, the creditor can be required to provide a security when he has not obtained any judgment in favor yet;
The creditor will also receive a fixed delay in which he has to undertake a proceedings about the merits of the case.

The new European Regulation 665/2014 also foresees a mechanism where a creditor can request information about his debtor’s bank account(s) in a certain Member State.

Not unimportant, as the creditor needs to indicate the bank account number in his request for a transnational seizure (under Belgian national law, the indication of the name of the Bank would already be sufficient).

Art. 14 of the Regulation now foresees what one could call a bank account disclosure mechanism:

“Request for the obtaining of account information

Where the creditor has obtained in a Member State an enforceable judgment, court settlement or authentic instrument which requires the debtor to pay the creditor’s claim and the creditor has reasons to believe that the debtor holds one or more accounts with a bank in a specific Member State, but knows neither the name and/or address of the bank nor the IBAN, BIC or another bank number allowing the bank to be identified, he may request the court with which the application for the Preservation Order is lodged to request that the information authority of the Member State of enforcement obtain the information necessary to allow the bank or banks and the debtor’s account or accounts to be identified”.

In a few Member States (including Belgium), such disclosure mechanism is completely new. The Regulation leaves it up to the Member States how they will organize this new disclosure, by giving a few examples:

“Each Member State shall make available in its national law at least one of the following methods of obtaining the information referred to in paragraph 1:

(a) an obligation on all banks in its territory to disclose, upon request by the information authority, whether the debtor holds an account with them;

(b) access for the information authority to the relevant information where that information is held by public authorities or administrations in registers or otherwise;

(c) the possibility for its courts to oblige the debtor to disclose with which bank or banks in its territory he holds one or more accounts where such an obligation is accompanied by an in personam order by the court prohibiting the withdrawal or transfer by him of funds held in his account or accounts up to the amount to be preserved by the Preservation Order; or

(d) any other methods which are effective and efficient for the purposes of obtaining the relevant information, provided that they are not disproportionately costly or time-consuming.

Does this mean any creditor can just run to the Court and ask information?

No, some conditions apply:

the creditor needs to be in possession of an enforceable judgment;
there need to be reasons to believe the debtor holds bank accounts in this Member State.

Conclusion: it will be interesting to see how the Member States will apply this new mechanism. Whether it will be effective, will also depend on the interpretation of ‘reasons to believe the debtor holds bank accounts in this Member State’. This will probably be the key to the question if this will end the Pyrrhus decisions, where a creditor is accorded his claim but cannot find assets to seize.

The author of this post is David Diris.

Roberto Luzi Crivellini

Practice areas

Arbitration
Distribution
International trade
Litigation
Real estate

Contact Roberto

Other articles that may interest you
Other articles by Roberto

Brazil – Reforms in Insolvency and Turnaround

Banking
Insolvency

Brazil

Ukraine: new hope for the creditors as the debtors’ concern grows

Banking
Insolvency

Ukraine

The Lebanese Banking Sector

Banking
Corporate

Lebanon

The EU Regulation 655/2014 on transnational seizures on bank accounts

Litigation
Banking

Europe

Distribution Contracts in Spain

Distribution

Spain

How to establish a «Limited Liability Company» (S.r.l.) in Italy

Corporate

Italy

How to manage price changes in the supply chain

Contracts
Distribution

Italy

The Supply Framework Agreement

Contracts
Distribution

International distribution agreements | 7 lessons from the history of Nike

Contracts
Distribution

Italy

Confidentiality Agreements (NDA) and Memorandum of Understanding: what is the difference and when to use them?

Contracts

Italy

China – Internet Frauds and online Scams

Distribution

China

The Effects of Coronavirus on the International Supply Chain

International trade

China
Italy

China – Trade mark registration

Trademark and Patents

China

Contact Digital fraud: the fake CEO of the international group