CEO Fraud in Schools

Dated: 1 March 2018 Author: Allan Maund, Director of Counter Fraud

The topic of the latest National Fraud Intelligence Bureau (NFIB) update is CEO Fraud in Schools. It provides basic, relevant and easily adopted preventative measures to stop financial loss.

I’d add to this:

  • this fraud type is not sector specific (i.e. not particular to the education sector), and is as relevant in the commercial sector as it is in the public sector
  • this highlights the need to educate employees and provide them with improved knowledge of what fraud is, and how it may present itself to them in the workplace.

The advice the NFIB provides is as follows:

  • Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.
  • All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior employees.
  • Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.
  • Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don’t click on the links or open the attachments. Staff should not be allowed to check emails from administrator accounts.

I don’t have an issue with the advice. However, this fraud type and the advice have been ‘doing the rounds’ for quite some years, but ultimately organisations, or rather employees of organisations, still fall victim to it.

An employer can put countless policies and procedures in place, but policies and procedures are only as good as the employee who adopts them, or ignores them, or bypasses them due to ‘management override’, ‘emergency tenders’, ‘local policy’ or ‘insert relevant excuse’.

Fraud Awareness Training

A key element which is overlooked is investing time, and it only needs to be a proportionate amount, in fraud awareness training. Imagine a scenario where, for this example, your accounts employees spend an hour or two being educated on what fraud is and what it looks like. Visualise interactive training that is relevant to their roles and responsibilities, led by an anti-fraud expert, and that identifies other potential areas of risk which were previously not considered. Picture the scene where employees are provided with examples of what CEO fraud means, what to look for in emails, and then what to do and what not to do. Provide employees with knowledge.

Now, picture the employer who doesn’t invest in their employees’ awareness training, and instead sends a CEO Fraud warning email to all accounts staff, including a copy of the latest policy or procedural revision and a caveat which may read along the lines of ‘failure to adhere to X policy and procedure may result in action taken against you in accordance with X disciplinary policy’.

As Henry Ford is quoted as saying: “The only thing worse than training your employees and having them leave, is not training them and having them stay.”

And if CEO fraud emails are still coming through, get your ICT department to check the email filters and to check that the anti-virus software you have is up to date.

Need further assistance?

For further information please contact us on 0800 298 3899 or email Allan Maund.