It was an ordinary day at the office. Danutė and her colleague Ingrida checked whether all supplier invoices for the previous month had been paid and whether all managers had submitted any necessary information. Ingrida left early and Danutė decided to archive the documents. After making another coffee, she sat down in front of the computer. And then an email from Vygandas, the director, who was on holiday, dropped into her mailbox.
It was already after 6pm, so Danutė, who had been the company's chief accountant for 15 years, didn't dare call her boss. Usually, they would always correspond by email concerning any financial matters and face no problems: the director would always wait for accurate information and Danutė would always check any data before replying. In this particular case she did the same: she carefully checked data and indicated the amount of the funds available in the company's account.
Strange holiday project
The next morning, Vygandas wrote again, giving the account number of a new business partner, which was to be used to make an advance transfer of €20,000. The amount was quite usual for the company operating in the trade sector. Danutė formed and confirmed the payment order together with other current ones. She wrote to the director that the transfer was completed. Vygandas thanked politely.
On Friday she received another letter from the boss. He wrote that the transfer must had failed or the recipient's details had been entered incorrectly, and asked if Danutė could execute it again. The accountant was surprised. She was used to checking supplier details several times.
She logged in to her company's e-banking account and saw that the amount was debited. Then she started reading the letters with instructions carefully again. Suddenly she felt a pang of unease in her chest: the email address was not the one the director used, yet she had not noticed that only the sender's name matched the real one.
Danutė called the director immediately. It turned out that the company had been attacked by scammers. The company had to contact the bank and police, and launch an investigation. The money was recovered. The situation cost Danutė and the whole team a lot of nerves. Long years of practice and mutual trust had saved the day, yet afterwards the company employed a strict payment approval procedure, including nuances such as how to check payment requests made after working hours or during holidays, who substitutes who and how many people need to approve payment orders.
Figured out the routine
Since this scenario is used by scammers to communicate with businesses, it is common for companies to suffer significant losses as a result of being victimised by such fake managers. According to Eivilė Čipkutė, President of the Association of Lithuanian Banks, scammers are able to convincingly imitate the usual practice in companies.
"The employee hesitated only for a moment, wondering whether the director could really contact her concerning such an issue while on holiday. The scammer was able to figure out the internal procedure that had been established over the years, i.e. payment orders were executed based on the instruction by the manager, it was a common practice to coordinate payment orders through only one channel - email, and one person's electronic signature was sufficient for confirmation. We, however, would advise replacing the unwritten rules with a very specific validation procedure, the so-called four-eyes principle, where at least two competent persons check the basis, purpose and data of each payment order, and where the electronic signature rights are also granted to several persons," she advises. Fake managers may manipulate authority, employee trust and willingness of staff to do what the manager asks as quickly as possible and without any unnecessary questions. Thus, clear procedures are one of the most effective antidotes in this scenario.
Expert's comment: “Order over rush”
Elčin Mamedov, Coordinator of the Tactical Cooperation Group at Centre of Excellence in Anti-Money Laundering
To swindle money this way, scammers make careful preparations. First, they search the public domain for the names of company managers, their email addresses and the names of their employees, their job roles and other information about the company. Once they have found the information they need, scammers go into action, pretending to be the company managers. They send letters or make phone calls to the company employees, rushing and telling them to carry out monetary transactions.
This type of scam has not been recorded very often recently. Nonetheless, once it gets on a scammer's hook, the company faces a very big financial damage and significant amounts of money are swindled. According to the analysis performed in 2021, legal persons were resistant to all forms of scam except for the interception of email correspondence and the fake company manager scheme. To protect themselves, companies and institutions need to establish clear rules for payment processing and involve several employees of the company.
Upon receiving a letter from an alleged manager, the employee is frequently urged to make a payment as soon as possible, thus we recommend taking some time, checking with a colleague or contacting the manager himself. Once you have made a payment and realise that you have become the victim of a scam, it is important to report it to your financial institution and contact the police as soon as possible.