Beware the ‘Scammers’ From Within Your Business

Beware the ‘Scammers’ From Within Your Business

Unfortunately, innovation is not limited to businesses.  It also comes from the criminals preying on companies, in order to extort money from them. There are many ways of combatting cyber-crime, and ever more secure means of circling the wagons, but what if the threat comes from scammers impersonating senior executives from within an organisation?


Executive Impersonation

Executive impersonation, or social engineering crime, involves scammers sending payment or transfer requests to employees purporting to be from their own senior executives.

Malcolm Cooke, of Stockport-based, C&C Insurance Brokers, explains, “Make no mistake, this is cyber-crime at quite a sophisticated level. These scams are made to look really convincing, drawing on publicly available company information, or by directly hacking into email accounts of senior staff”.

The scammer’s email request will look genuine. The object is to get the employee to transfer the funds as a matter of urgency into the named account, which will then be accessed and emptied by the scammer.

This has serious implications for a company’s security, its funds, and ultimately its morale.  There is bound to be an impact on employees if they become aware that there might be fraudulent activity that involves their own senior staff being impersonated and themselves becoming dupes.

Furthermore, under a typical Electronic Funds Transfer insurance policy, the company would not be covered for this kind of fraud, because it would not involve the scammers themselves transferring the money but instead tricking an employee into doing it for them.


How Can You Protect Yourself

“Insurers will need to bring in specific social engineering crime cover”, explains Malcolm.  “Businesses also need to make their employees aware and encourage them to be vigilant when it comes to any unusual payment requests that apparently come from senior executives”.

This includes checking emails for any anomalies in spelling, grammar or even just tone. Checking back with the person who has made the request should be done either in person or by phone call. Underpinning all this should be robust procedures and systematic checks for payment authorisation.


“Cyber-security has to keep developing and evolving.  Insurers can, and will, do their bit to provide the right cover, but ultimately, the best defence is for businesses to be ever vigilant and to have the right procedures and processes in place”

Malcolm Cooke


To ensure that you have the right level of business protection, please call C&C Insurance Brokers on 0161 406 4800 or visit