Fake CEO Emails Lead to Massive Bank Transfer Scams, Over ¥600 Million Lost in One Month
Internal Notice: Request to Create LINE Workgroup
In mid-January, a friend of a FRIDAY Digital reporter, Mr. A, received an email like this.
The sender appeared to be the president of the company where Mr. A works. Next to the subject line was the phrase: “Thank you for your hard work. For the business project.” According to Mr. A, “It’s extremely rare to receive direct work instructions from the president,” so he felt something was suspicious and did not open the email.
“Fake CEO emails” are becoming rampant. Masato Mori, representative director of the general incorporated association Institute for Criminal Incident Analysis, explained:
“Earlier in January, I attended a New Year networking event for business leaders, and multiple people told me they had received fake emails from their CEOs. The emails impersonate the CEO and ask for large sums of money via email. Since around December of last year, cases of these fake CEO emails have been increasing.”
Transfer 100 million yen immediately
According to the National Police Agency, the total damage caused by fake CEO emails exceeded 600 million yen in just one month, from mid-December of last year.
“A representative example involved Company A in Tajimi City, Gifu Prefecture. On January 14, an employee of Company A received a fake email in the name of the company’s CEO, requesting: ‘Please create a LINE group and invite the accounting staff.’ The employee believed it was genuinely from the CEO and created the LINE group. Following instructions in LINE that said, ‘We will send you the account information of a business partner, so transfer 100 million yen immediately,’ the employee transferred the money. Afterwards, another instruction arrived saying, ‘Transfer 48 million yen as well.’ This made the employee suspicious. Upon checking the email address, it was clear it was not from the CEO—the scam was revealed.” (National newspaper social affairs reporter)
The method is sophisticated. Mr. Mori continued:
“In many cases, fake CEO emails ask employees to create LINE groups. Unlike company email, which can be seen by others internally, LINE groups are private, and when the read mark appears, it triggers a psychological urge to respond quickly, leaving little time to think.
Many CEOs use their official profile photo from the company website as their LINE icon. These profile photos are easy to steal and make it easy to impersonate the CEO. Cases of free business chat services being exploited in this way are also on the rise.”
Opening a single email can lead to virus infection
As introduced earlier with Mr. A, it is rare for an ordinary employee to receive direct work instructions from the company president, so one might notice something suspicious.
“Whether an employee finds it suspicious depends on the company culture. In companies where communication between management and employees is frequent and work is carried out top-down, it wouldn’t be unusual for an email to come directly from the president. If the employee receiving it is responsible for the accounting department, they may have the discretion to transfer large sums of money themselves,” explained Mr. Mori.
What measures are necessary to avoid falling victim to a fake CEO email scam? Mr. Mori continued:
“Carefully check whether the email address is actually the president’s. If it differs from the president’s official address, never open it. Most likely, these scam emails are being sent randomly by AI or other automated means. Simply opening the email signals to the scam group that this address is valid.
Opening a suspicious email could also lead to virus infection, causing further problems. This could include the leakage of internal company information or network outages, and in some cases, the company may be targeted by ransomware, where the scam group demands a large sum of money in exchange for restoring access.”
The police are investigating fake CEO email cases as the work of anonymous, fluid criminal groups (known as Tokuryu), and the investigation is ongoing.