14th March 2024

What is CEO Fraud?

CEO (Chief Executive Officer) Fraud is when an email or call comes from a fraudster to an NHS organisation, claiming to be the CEO (or sometimes a senior director, such as a Director of Finance). The fraudster typically requests that funds are transferred to a certain bank account (one in the hands of the fraudster). The member of staff receiving the call or email often feels pressured to comply due to the apparent seniority of the sender and the urgent nature of the request.  

How to spot CEO Fraud?

CEO Fraud is a type of mandate fraud and can occur in different ways. Below are some things to look out for:

  • A telephone request is received where the caller is suggesting some urgency in making a change to a supplier’s bank account details.
  • An email request is received from an unknown email account which is not recorded on the NHS organisation's records.
  • An email is received where a minor amendment has been made to the sender’s address details, giving the impression that it is a genuine and correct email at first glance. For example, the genuine address is joebloggs363@mail.com but the fraudulent email came from joebloggs36@mail.com. Staff should always check the authenticity of an email received from a supplier (e.g. the domain name) by using established supplier contact details already held on file.
  • A written request is received in the form of a letter or invoice that does not contain the supplier’s logo, or the logo may be less sharp or slightly blurred (this would most likely be a scanned copy of an original document which has been counterfeited).
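The third sign above, a sender address that differs from the genuine one by a single character, is exactly the kind of near-miss the eye skips over at first glance. As an added example (not part of the original notice and not a tool the NHS provides), the script below compares an incoming sender address against the contact details held on file and flags it as known, a near-match lookalike, or unknown. The directory entries are hypothetical values constructed for the example; a real deployment would read the organisation's own supplier and staff records.

```python
from typing import Dict, Optional, Tuple

# Constructed directory of addresses "held on file" (hypothetical values).
# In practice this would come from the organisation's supplier and staff records.
KNOWN_SENDERS: Dict[str, str] = {
    "joebloggs363@mail.com": "Joe Bloggs (supplier contact)",
    "ceo@example-trust.nhs.uk": "Chief Executive Officer",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str,
                    directory: Dict[str, str] = KNOWN_SENDERS,
                    max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, closest_known_address).

    verdict is 'known' (exact match on file), 'lookalike' (within
    max_distance edits of an address on file, so a dropped digit or a
    swapped letter in the domain is caught) or 'unknown' (no close match).
    """
    addr = address.strip().lower()
    if addr in directory:
        return "known", addr

    local, _, domain = addr.rpartition("@")
    best: Optional[str] = None
    best_dist: Optional[int] = None
    for known in directory:
        k_local, _, k_domain = known.rpartition("@")
        # Compare local part and domain separately so a change in either
        # part (joebloggs36 vs joebloggs363, or a misspelt domain) is counted.
        d = levenshtein(local, k_local) + levenshtein(domain, k_domain)
        if best_dist is None or d < best_dist:
            best, best_dist = known, d

    if best_dist is not None and best_dist <= max_distance:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    # The page's own example: genuine joebloggs363@mail.com, fraudulent joebloggs36@mail.com
    for candidate in ("joebloggs363@mail.com", "joebloggs36@mail.com", "someone@other.org"):
        verdict, match = classify_sender(candidate)
        print(f"{candidate}: {verdict}" + (f" (closest on file: {match})" if match else ""))
```

A "lookalike" verdict is a prompt to verify through contact details already held, never through the details in the suspicious message itself; an "unknown" verdict is the second sign on the list above and deserves the same treatment.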

If you suspect CEO Fraud…

  • If you get a call from an individual claiming to be the CEO (or another senior officer) and you believe that this is suspicious, hang up and call the individual back using contact details held by the trust.
  • If you get an email from someone claiming to be the CEO (or another senior officer), check that the sender's email address matches the email contact information provided by the trust. If you have any doubts, do not respond and report your concerns immediately.
  • If the fraud attempt was via email, do not click on any links. Forward the email to your organisation's IT Service Desk.
  • If you suspect that CEO Fraud has occurred, follow the trust's escalation process. Immediate action is crucial and may prevent any loss of NHS funds, so staff must act at once by alerting their Local Counter Fraud Specialist.

Remember – all fraud, whether suspected, attempted or successful, should be reported to your Counter Fraud Specialist.

Further information on CEO Fraud can be found on the NHS Counter Fraud Authority's (NHSCFA's) website: Mandate fraud risks | COVID-19 guidance | NHS Counter Fraud Authority (cfa.nhs.uk)

You can also report any suspicions which you may have anonymously, using the QR code below:

[QR code image for anonymous reporting]