31 Jan 2017
Two instances of CEO fraud were announced yesterday. One victim was a county in Kansas; the other a hospital.
In the first instance, George S. James of Brookhaven, Georgia passed himself off as the CEO of a company requesting payments totaling $566,000 from Sedgwick County, Kansas. The payment was made, but the county later found out that the real company, Cornejo & Sons, LLC, had not received a payment and had not sent the original email requesting the funds.
James was arrested and faces a fine of $25,000 and up to 20 years in a federal prison.
In the other instance, a fraudster posed at a Campbell County Health executive and requested W2 information from all of their 1,400 employees. These employees can expect to be on the lookout for tax return fraud.
Both of these cases could probably have been prevented had the employees handling the requests been trained to spot spoofed emails and if practices had been in place to verify the veracity of the requests. If your employees have not undergone security awareness training, you should sign up now.