SEC issues report on cyber-related frauds perpetrated against public companies

  • US_SEC Image

Oct 16, 2018

On October 16, 2018, the Securities and Exchange Commission (SEC) issued a report about companies with deficient internal controls – in particular, nine unnamed companies that became victims of a cyberfraud called “business email compromises.”

As noted in an article from the Journal of Accountancy, there were two kinds of business email compromises — emails from fake executives and ones from fake vendors.

In schemes involving emails from fake executives – also called “executive impersonation” – fraudsters not affiliated with a company use spoofed email addresses to send communications that appeared to come from a company executive, typically the CEO. Sometimes, the spoofed emails used real law firm and attorney names. The executive impersonation emails often had these common elements:

  1. Referred to time-sensitive “deals” that needed to be completed within days, emphasizing the need for secrecy from other company employees and sometimes suggested some form of government oversight.
  2. Claimed that the requested funds were needed for foreign transactions – and all directed the wire transfers to foreign banks. The emails provided minimal details about the transaction – and while all of the companies had some foreign operations, these types of foreign transactions would have been out of the ordinary.
  3. Typically went to mid-level personnel who rarely communicated with the executives being spoofed – and who typically were not involved in the supposed transactions.

Review the press release and report on the SEC's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.