Chief executive impersonation fraud rises during economic downturn and AI explosion

Back in 2019, the chief executive of an unnamed UK-based energy firm was called by his boss, the chief executive of the firm’s German parent company, and asked to transfer €220,000 (£189, 570) into the bank account of a Hungarian supplier. 

Little did the chief executive know, however, the voice on the phone actually belonged to a fraudster who had used artificial intelligence (AI) voice tools to impersonate his boss. 

This is just one example of the growing threat of chief executive impersonation fraud, although the story claims to represent the first documented case – which is one of most common forms of authorised application push fraud.

During times of economic recession, fraud is always on the up and this is certainly the case for chief executive (CEO) impersonation fraud – also known as CEO fraud.

CEO fraud occurs when a scammer impersonates senior staff member, usually the chief executive, to convince employees at the organisation to make an urgent payment into the fraudster’s account.

Businesses remain a prime target for this fraud type – according to a report by Pinsent Masons entitled UK Finance Annual Fraud report: The definitive overview of payment industry fraud, published earlier this year (10 May 2023), losses for this type of fraud were £77m.

The report also revealed that the losses from this types of scam increased by 11% to £12.9m in 2022, up from £11.9m in 2021. However, the total number of cases declined by 4% from 396 to 398.

Vikshay Vijai, business fraud sales manager at Allianz Trade, told Insurance Times: “In recent years, impersonation fraud has become one of the most common types of fraud, with fraudsters acting as chief executives or directors and putting employees under pressure to release funds and important information eventually resulting in significant financial loss to businesses.

“It is a criminal act and sadly, due to continued economic changes such as remote working, it is on the rise.

“Our expertise in offering fraud insurance across Europe has allowed us to build a product that provides businesses in the UK peace of mind against such risks. Our dedicated team of fraud specialists will assess claims and provide continued support in the aftermath of impersonation fraud.”

Great opportunity

The increase in CEO fraud led Allianz Trade to launch a new standalone fraud insurance product for businesses, following a rise in internal employee fraud and external scams in the UK post-pandemic.

Speaking during a briefing call with journalists last month (20 July 2023) Sarah Murrow, chief executive of Allianz Trade, said that the trade credit insurer was excited to launch this product due to the current economic climate.

She explained: “We do see fraud increase during times of economic downturn and this is what we were expecting in the coming period. We think this is a great opportunity for us to launch a product at a time when businesses will really need it across the UK.”

The product also covers external fraud including robbery, burglary, intercepted payments and payments made based on a forged order.

For Vijai, the most interesting and more common sort of fraud the credit insurer had seen over the last five years was impersonation fraud.

This can be classified as an external fraud which includes robbery, theft, and certain social engineering attacks where the scammer assumes a false identity.

He said: “We’ve seen various kinds of payments diversion where cheques and bill so exchange are forged that lead to payment being made to someone its not supposed to be made to. That’s how criminals pilfer away money into a fake bank account that is set up just for the purpose of committing fraud there.”

Steve Stennet, standard commercial director for UK and Ireland at Allianz Trade, noted that the firm already had a “substantial footprint” across Europe in the fraud space.

He said: “We have been gradually growing our footprint across mainland Europe, with the UK being the next step. We know that there is great potential for growth in the UK. We are selling business fraud insurance as a standalone product, but we absolutely believe that it will complement our existing trade credit insurance and surety products.”

The target customer will be businesses with turnover of between £10m to £100m and above.

The trade credit insurer is already seeing strong interest from its existing client base, according to a statement, and will be using brokers alongside crossselling as a distribution strategy.

The UK fidelity market, also known as the business fraud insurance sector, is currently made up of around 60% brokers, according to Stennet.

The advent of remote working, lack of monitoring or processes in hybrid working, explosion of  AI and the current economic climate have made fraud easier to commit, he added.

Risk of deepfakes

Impersonation fraud includes the use of deepfakes, which has been further complicated with the explosion of AI programs such as ChatGPT making this more and more convincing. DAC Beachcroft listed impersonation fraud as one of its top tech risks last year. 

Deepfakes use generative AI to replace the likeness of one person with another in image, video, or audio and can be deployed via various platforms such as Zoom, Microsoft Teams, Slack, email, text messages and the metaverse.

The threat of deep fakes has also thrown a spanner in the works for cyber liability insurers by providing criminals with the ability to sidestep biometric controls, manipulate employees to click malicious links and coax financial agents to transfer capital.

Simulating someone else’s voice in impersonation scams is not a new tactic from cyber criminals, but the proliferation of AI technology has made it more accessible.

In an interview with NBC News in March 2023, Coalition’s vice president of research Tiago Henriques said: “As attackers get more familiar with these technologies, what they can do and how to operate them – we are going to see an increase in these scam attacks.”

Coalition is now seeing insurance claims for this kind of fraud.

Alex West, director of the restructuring and forensics team at Pricewaterhouse Coopers (PwC), said: ”Fraudsters are increasingly using new technologies such as generative AI and deepfakes to scam victims and we all need to better understand fraud threats and improve our personal level of defence.

“Businesses need to be equally quick at spotting potential fraud vulnerabilities and in their use of technologies like AI improve fraud prevention and detection.

”Statistics continue to be driven by organised crime groups embracing fraud as a lucrative and relatively low risk form of crime.

”We expect the cost of living crisis to increase pressures on businesses and individuals, incentivising people to take risks, which is likely to lead to an increase in fraud in the coming years, a trend that already seems to be evident in money mule levels.”

On a more positive note, West said that PwC had observed “encouraging levels of counterfraud activity across the public and private sector” and that “change is happening in the right direction”.