A fraud scam that was in the focus of reporting not long ago and that still leads to considerable financial damages in the millions is the so-called “CEO fraud”. In this case, the perpetrators use false identities and pretend to be, for example, the managing director of a company (CEO), a senior executive or a trading partner and induce an employee to transfer a mostly large sum of money abroad, often to China, Hong Kong or Eastern European countries.
The German law firm Schlun & Elseven offers comprehensive legal support to victims of criminal offences. Our business criminal lawyers ensure that all evidence of the existence of a “CEO fraud” is secured promptly and that all formalities required for a criminal complaint are duly complied with so that the perpetrator can be identified. We are happy to represent you in so-called adhesion proceedings in order to assert your claims for damages.
For persons who have been confronted with allegations of fraud, we offer a defence that is both competent and committed. With excellent expertise and many years of experience, our legal team is ready to provide you with comprehensive advice and defence. Our lawyers will ensure that you strengthen your position during the investigation process and that your rights as an accused person are always protected in the process.
What is CEO Fraud?
CEO fraud is also known as “Business Email Compromise” (BEC) and “Fake President Fraud” (FPF). In this case, the perpetrators use false identities and impersonate, for example, the managing director of a company (CEO), a senior executive or a trading partner, and induce an employee to transfer a usually large sum of money abroad, often to China, Hong Kong or Eastern European countries.
Accordingly, this scam is explicitly targeted at companies, not private individuals. Any company of any size can fall victim to such fraud. However, the larger the company, the more attractive it is likely to be for the perpetrators. This is due to its greater financial resources and its more extensive and complex corporate structures, which lower the probability of detection for the perpetrators. On the other hand, small to medium-sized companies often have no compliance department or only a poor one, so security standards are significantly lower there. This makes it easier for the perpetrators to carry out the crime and thus also represents a non-negligible incentive.
Forms of CEO Fraud
Typically, the perpetrators proceed in such a way that they send a falsified e-mail to an employee of the company, which gives the credible impression that it comes from a member of the company management. In it, the employee is instructed to transfer a certain amount of money to a bank account, usually abroad, often referring to the secrecy and urgency of the matter. To make the forgery as authentic as possible, scammers research company internals in advance – this is done via publicly accessible sources, such as homepages, business reports, trade register excerpts or advertising brochures, and social networks. Social networks are used in particular to find out information about individual employees, their functions and activities in the company, and personal details to contact them under a false identity.
In addition, the e-mail may come not from a fake account but from a real one that the perpetrators have hacked beforehand. In this case, it becomes essentially impossible for the affected employee to recognise the deception. Similarly, the perpetrators may not be seeking a money transfer but may instead want the employee to send sensitive data, such as data from the HR department, accounting or controlling. This data is then misused to gain economic or other advantages.
In a broader sense, CEO fraud also includes cases in which it is not the e-mail accounts of executives that are hacked but those of employees. These accounts are then used to communicate with business partners and request payment of an invoice to the fraudsters’ bank account. Another scam is that the fraudsters pose as a supposed supplier and ask for payment of an invoice amount to an alternative account, which also belongs to the fraudsters.
As can be seen, the fraudsters are highly inventive. They are always looking for new ways to obtain, usually, large sums of money, but also sensitive data, and thereby cause considerable damage to the companies. Often, the deceived employees who send the requested data and/or sums of money risk severe professional and possibly legal consequences.
Prevention of CEO Fraud
Apart from purely technical security precautions, an important and goal-oriented approach is to educate employees in order to create and sharpen their awareness of this type of fraud. They must be informed about the fraud schemes described above so that they can recognize the deceptions. In-house coaching and regular training courses are ideal for this purpose. Company management should also pay close attention to what information is made public, especially information that individual employees disseminate on social networks. Finally, internal control mechanisms offer further protection; these should, in any case, intervene in the event of dubious payment instructions or data transmission requests.
Should such a fraudulent scheme nevertheless be successful, your company, or you as a possibly (co-)liable managing director, can only exonerate yourself under liability law if you have sufficiently informed and trained your employees. Otherwise, in the event of damage, you may, in any case, be jointly liable, as courts have already decided in some cases – although this determination as well as the specific amount of joint liability depends on the individual case and is at the discretion of the court so that no abstract limits can be set here. To avoid such joint liability, it is advisable to establish comprehensive compliance management within the company.
As a full-service law firm, Schlun & Elseven offers you a clear perspective and comprehensive legal advice in this area. Therefore, please do not hesitate to contact our legal experts in compliance matters. Our team will work with you to lead your company successfully and in compliance with the law into the future.
Conduct and Legal Assistance in Cases of CEO Fraud in Germany
If you suspect that your company has fallen victim to fraud despite all security precautions, you should first remain calm. There is a prevailing belief in society that the perpetrators cannot be identified anyway, and criminal charges are therefore not filed. This does indeed correspond to reality in some cases, which is why companies should take preventive measures. However, it is not always the case. Given the often large amount of damage alone, a criminal complaint is worthwhile in any case. Generally, it is advisable to change all passwords for accounts and contact the respective financial institution.
Additionally, it would be best to gather all indications and evidence that could be of importance for the investigating authorities. After all, if the scam is perpetrated by a specialized gang, a large number of victims can often contribute to the investigation and subsequently be compensated if the scam is uncovered. To this end, it may be worthwhile to contact our experienced legal experts. They will be able to tell you what information is relevant to the criminal investigation and provide you with an overview of your legal options.
If you are not the injured party but the asset-owning and deceived employee of the company, the question arises, in addition to the potential civil liability, whether you may also have committed a criminal offence. In such constellations, the criminal offence of breach of trust under § 266 (1) German Criminal Code (StGB) comes into consideration, which can be punished with a custodial sentence of up to five years or a fine. A person is liable to prosecution for breach of trust who:
“abuses the power conferred on them by law, by commission of an authority or legal transaction to dispose of the assets of another or to make binding agreements for another, or whoever breaches their duty to safeguard the pecuniary interests of another which are incumbent upon them by reason of law, by commission of an authority, legal transaction or fiduciary relationship, and thereby adversely affects the person whose pecuniary interests they were responsible for.”
Accordingly, the offence has two alternatives: the abuse variant (Alt. 1) and the breach of trust variant (Alt. 2). Due to the underlying fraud and the associated voidability of the legal transaction (under § 823 (2) BGB in conjunction with § 263 (1) StGB), there is no sufficiently effective obligation on the part of the aggrieved company, so that criminal liability under the abuse variant is ruled out. However, there is still the possibility of the breach of trust variant, which goes further than the abuse variant. Here, whether the act itself, i.e. the transfer of funds, constitutes the required breach of duty is likely to be problematic and debatable.
Not every breach of duty relevant under civil law is automatically sufficient for criminal liability. Instead, a serious breach of duty on the part of the employee is required. When this can be assumed depends on the individual case and cannot be determined in the abstract. For this very reason, it is advisable in any case to seek experienced and competent legal counsel who can provide you with the best possible advice in such a case.
If you find yourself in such a situation, do not hesitate to contact our criminal law experts at Schlun & Elseven Rechtsanwälte immediately. They will work closely with you to develop an effective defence strategy for your individual case. To do so, please use the contact options below.