Business E-Mail Compromise (BEC)

Invoices that have already been received are sent again with a changed IBAN number or with the remark to usea different account number for future payments.

This type of fraud refers to an existing email containing a payment order or invoice. The IBAN number to which the amount is to be paid is then altered. In order to access the email, attackers must have had access to either the sender's or the recipient's email account.

Specific measures

If you made a payment, immediately contact the financial institution through which you made the payment. They may still be able to stop it. We additionally recommend that you contact the cantonal police responsible for your place of business and file a criminal complaint. Inform the real sender that their email account/system may have been hacked.
If manipulated invoices are sent in your name, your e-mail account/system may have been hacked. In this case, change your password immediately and check your email filters and forwarding rules. Attackers often create an email forwarding rule that sends a copy of all your received emails to the attackers. In addition, NCSC recommends checking your computer. If you do not have the necessary expertise, contact a specialised company.

Preventive measures

Raise awareness of CEO fraud among all employees! In particular, employees in finance divisions and in key positions must be informed about these potential attacks. In the case of associations, all presiding members and treasurers must receive training.
Do not disclose any internal information and be careful with payment requests. Do not comply with unusual payment requests.
All processes which concern payment transactions should be clearly defined internally and always observed by all employees (e.g. dual control principle, joint signature by two people).

Effects and risks

Loss of large amounts of money
Attackers have access to the company's e-mail infrastructure
They can use the unauthorised access to leak confidential e-mails/data

Further Information

You can find further information on the Swiss Crime Prevention website: https://www.skppsc.ch/de/der-ceo-fraud-in-vier-schritten-erklaert/ (in French, German, Italian)