- Always call your boss
If your boss asks you in an email to transfer money or something similar, make sure to confirm the request. Call or text your boss to double check. Don't reply to the email you've received. - Check the sender and be critical
You should always check the sender's email address when you receive emails. Does it really belong to your boss? However, be aware that your boss's email account may have been taken over by criminals. - Pay attention to transfer emails
Is the money transfer in any way abnormal? Pay extra attention if you are asked to transfer money to accounts abroad. Cybercriminals often use foreign bank accounts as they are difficult to trace. Train employees to keep an eye out for anything out of the ordinary. - Inform employees about CEO fraud
Minimize the risk by talking to your employees about CEO fraud so everyone is aware that they could be exposed to fraud. Agree on clear procedures for money transfers. For example, there should always be two people authorizing transfers. - Turn on the audit log
Be careful when clicking on attachments. This could be spear-fishing. This is a specific method that cybercriminals have started to use where they send an email via Microsoft Office 365 with an attachment that looks like a Word document. When the file is opened, the perpetrators gain complete access to the computer and the files cannot be intercepted by antivirus programs. Therefore, the recommendation from the Danish National Police NC3 is to turn on the audit log if your company is hosted by Microsoft Office 365. This will open up investigative opportunities.
