Beware: Fake invoice used in $236K CEO scam

Hackers are now posing as company execs to send fake invoices and extort money

Beware: Fake invoice used in $236K CEO scam

A company in south-western Ontario was scammed using a fake invoice that demanded $236,000 in payment, Ontario Provincial Police (OPP) said.

The fraudulent activity reportedly began in mid-April when fake invoices were sent to a Norfolk business through a hacked email account.

Authorities said an employee in charge of settling payments received two invoices from a US-based firm asking for the amount. The employee paid the alleged dues but became suspicious and reached out to the owner of the US company. The email address where payment had been remitted turned out to be hacked, police said.

This criminal activity – dubbed as the ‘CEO scam’ – involves hackers posing as CEOs or other company executives. After criminals gain access to official email accounts or create fake ones in the name of company execs, they falsify documents such as invoices to fool unsuspecting employees responsible for settling payments or transferring funds.

OPP is encouraging businesses to be more vigilant against such scams by educating all employees about malicious correspondence, especially those that pretend to be urgent matters communicated via email.

Employees should raise a red flag and communicate concerns to their manager in cases where the messages they receive seem suspicious.

IT departments should also monitor employee correspondence closely, whether they are done through chat, phone or email, and especially when it involves external correspondents.

Finance departments, on the other hand, should implement rules and procedures that would require more than one person to sign off on fund transfers.

If you have information about this or other similar incidents, please contact the police immediately.