Alert: Internet and telephone Impersonation Fraud utilising the Deloitte brand

Deloitte has become aware of the use of our brand in a fraud targeting UK businesses which attempts to extract funds from a business by impersonating both a senior executive in that business and a Partner from, in this case, Deloitte LLP, using a plausible email suffix. We are also aware that other professional services firms have been impersonated in this way.

The fraudsters are contacting Finance Teams, Finance Directors or Chief Financial Officers, usually by email, followed by telephone, claiming to represent their Chief Executive Officer or Managing Director. The targeted individuals are instructed that there is a high priority financial operation that needs to be dealt with in secrecy, and that they will need to discuss the matter with a third party who will be dealing with the transaction. To make the fraud more convincing, a reputable third party is impersonated using fake but plausible contact details. The names of Deloitte partners have recently been used in this way.

The method adopted by the fraudsters is:

A member of the targeted organisation’s Finance Team receives an email, similar to one of the messages shown below, impersonating a senior executive at the organisation. 

Initial contact

Example 1
From: [CEO/MD] (mailto:a-123@outlook.com)
To: [Member of Finance team/FD/CFO]
Subject: File [A-123]

I have assigned you to manage file [A-123].

This is a strictly confidential financial operation, which takes priority over other tasks.

Have you already been contacted by [Partner name] from Deloitte?

This is very sensitive, we have to make sure not to infringe FSA regulations.



Example 2
From: [CEO/MD] (mailto:a-123@outlook.com)
To: [Member of Finance team/FD/CFO]
Subject: File [A-123]

For the last months we have been working, in coordination and under the supervision of the FSA, on acquiring a company. 

We anticipate making a public announcement on/around [date]. 

Please reach out to solicitor [Partner name] from Deloitte for the bank details that includes information on where funds need to be deposited. 

Only after this is completed the contract can be executed :

[Contact name] : Tel : 020 8xxx xxxx

Email : [partner]@deloitte-uk.com

Leaks could endanger the contract's execution, in addition to its intrinsic value.



Follow up

Once the fraudsters have sent the above email they usually call the recipient claiming to be the specified Partner at Deloitte. The impersonator instructs the finance team member to make a transfer to a supplied account number. They then follow up with an email from a fraudulent email address constructed to look like a genuine Deloitte email address.

From: [Deloitte Partner] @deloitte-uk.com
To: [Member of Finance team/FD/CFO]
Subject: Re: FW: File [A-123]

Dear [Member of Finance team/FD/CFO],

Please find here below the wiring details:

Bank : [Beneficiary details provided with amount]

Once you have the swift confirmation please email it to me.

Best regards,

[Deloitte Partner]

+44 (20) 3xxx-xxxx

[Deloitte Partner] @deloitte-uk.com

If the contacted individual in the organisation’s finance team replies to any of the messages, the fraudster will continue the email chain reasserting the urgency and secrecy of the project, and supplying additional bank accounts to which payments should be made.

Identifying and responding to the fraud

The messages requesting payment are sent from a third party email service and should be treated as suspicious. The domain Deloitte-uk.com is fake and not linked to Deloitte. Any messages received from this domain should be treated as suspicious.

We recommend that you speak with your finance teams to ensure they are aware of this fraud. If you are contacted by fraudsters you may wish to report the incident to Action Fraud, the UK’s national fraud and Internet crime reporting centre.
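The two sender patterns described in this alert (a senior executive's name on a third-party email address, and a domain that carries the Deloitte name but is not a genuine Deloitte domain) can be checked automatically on inbound mail. The following is an added illustration, not part of the original alert or any Deloitte tooling; the internal domain, executive name, trusted-domain list and sample messages are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed configuration: replace every value with your organisation's own.
OWN_DOMAIN = "example-corp.co.uk"             # hypothetical internal mail domain
EXECUTIVES = {"jane smith"}                   # hypothetical CEO/MD display names
TRUSTED = {"deloitte.com", "deloitte.co.uk"}  # adviser domains, verified out of band
WEBMAIL = {"outlook.com", "gmail.com", "hotmail.com", "yahoo.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}   # leftmost labels, here {"deloitte"}


def is_trusted(domain):
    """True for a verified domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)


def check_sender(raw_message):
    """Return the reasons a message's From header matches this alert's pattern."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Senior executive's name on an address outside the company's own domain.
    if name.strip().lower() in EXECUTIVES and domain != OWN_DOMAIN:
        kind = "webmail" if domain in WEBMAIL else "external"
        reasons.append(f"executive display name on {kind} address {addr}")
    # Trusted brand appears as a label in a domain that is not verified.
    if not is_trusted(domain):
        labels = domain.replace("-", ".").split(".")
        for brand in sorted(BRANDS):
            if brand in labels:
                reasons.append(f"lookalike of {brand}: {domain}")
    return reasons


# Constructed sample messages modelled on the templates in this alert.
SAMPLES = {
    "exec_webmail": "From: Jane Smith <a-123@outlook.com>\nSubject: File [A-123]\n\nbody\n",
    "fake_partner": "From: A Partner <partner@deloitte-uk.com>\nSubject: Re: FW: File\n\nbody\n",
    "genuine": "From: A Partner <partner@deloitte.co.uk>\nSubject: Audit\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A match is a reason to hold the message and confirm the request through a known telephone number, not proof of fraud on its own; the From header is only one signal.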