Be on the lookout for the 'fake CEO'

An online scam involving fictitious emails that claim to come from University of Saskatchewan senior managers has recently targeted members of the university community. The scam usually involves a false email address impersonating a senior manager of the University of Saskatchewan and requesting assistance to get a bill or invoice paid.

This email scam is commonly referred to as a 'fake CEO scam'. Fraudsters create an email address similar to a real one and target employees in financial positions within the organization who have the authority to move money. They send realistic-looking emails requesting urgent wire transfers for what appear to be legitimate business reasons, like “securing an important contract”, “a confidential transaction” or “updating a supplier’s payment information”.

They often send the targeted fraudulent email when executives are traveling abroad or otherwise difficult to reach. Believing that the request is real, the employee transfers the money—only to find out upon the boss’s return that the email was a scam and the money is gone.

Losses to this type of scam typically range from tens of thousands to millions of dollars. The fake CEO scam is a growing global threat to businesses and organizations of all sizes.

Use these tips to help keep fraudsters out of your organization:
  • Learn more about the fake CEO scam and other “spear phishing” scams to better identify and reject them by completing IT Security Training.
  • Double-check with executives when they send wire transfer requests by email, even when they look legit. Don’t use the contact information provided in the message and don’t reply to the email.
  • Take a careful look at the sender’s email address. It may be very similar to the real one, with only one or two letters different.
  • Follow an established standard process that requires multiple approvals for money transfers.
  • Limit the amount of employee information available online and on social media. Fraudsters use it to find potential victims and time their targeted fraud.
  • Ensure your computer systems are secure, keep antivirus software up to date, and encourage all employees to use strong passwords to protect their email accounts from hackers.

If you receive an urgent message from your dean, department head, or anyone else asking you to wire money, pay an invoice, or send personal information, please proceed with caution or send the email to phishing@usask.ca.
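The tip above about sender addresses that differ from the real one by one or two letters can also be checked automatically. The following is an added example, not part of the original notice or any University of Saskatchewan tooling; it assumes the legitimate domain is usask.ca (from the reporting address above), and the function names and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

LEGIT_DOMAIN = "usask.ca"   # assumption: taken from the phishing@usask.ca address on this page
MAX_EDITS = 2               # the tip above: "only one or two letters different"

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap of adjacent letters) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # two adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header: str, legit: str = LEGIT_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for a From: header value."""
    # Only the address counts; the display name is free text chosen by the sender.
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "external"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain == legit or domain.endswith("." + legit):
        return "internal"
    # Compare only the rightmost labels so a lookalike behind a subdomain is still caught.
    tail = ".".join(domain.split(".")[-(legit.count(".") + 1):])
    return "lookalike" if edit_distance(tail, legit) <= MAX_EDITS else "external"

# Constructed sample headers (not real messages).
SAMPLES = [
    '"Dean Example" <dean@usask.ca>',
    '"president@usask.ca" <president@usaask.ca>',   # real address shown only as display name
    "accounts@mail.usaks.ca",                       # swapped letters behind a subdomain
    "someone@gmail.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

A result of "internal" only means the domain text matches; a From header can be forged, so confirming payment requests through a separate channel still applies.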