One of the latest scams to steal your money, your identity and your confidence is CEO fraud.

CEO fraud, also known as business email compromise (BEC), is one of the most common forms of business email fraud.

It’s a scam where criminals impersonate an executive at your company and request that you wire money or transfer funds to an account under their control. CEO Fraud is a huge problem and it only takes seconds for someone to intercept an email and make it look legitimate.



What Is CEO Fraud and How Does It Work?

An online scam wherein an attacker impersonates a C-level executive within an organization with the intent of accessing financial information or sensitive personal information is known as CEO fraud. Typically, the attacker seeks to transfer you money to a bank account owned by the attacker or to share confidential human resources information.

Relying on current technology, these campaigns seek to lure victims into divulging vital data such as credit card numbers or bank account numbers via email or conducting fraudulent wire transfers.

In this highly targeted form of attack, malicious actors research potential victims and their businesses to learn about who they are targeting, giving them the means they need to develop highly convincing – and often successful – attack campaigns. The fraudulent emails sent in these campaigns encourage recipients to take steps – either to share their credentials.


What are CEO fraud attack methods?

Having a complete understanding of the different attack vectors for this kind of criminal action is crucial in preventing it. This is how the bad guys do it.


1. Phishing

Hackers send huge quantities of phishing email messages to countless individuals. Banks, credit card providers, delivery services, law enforcement, and the IRS are among the email providers that are covered by fake email attacks.

If you click a link in a phishing email, you may be taken to a web page that appears to be your bank or credit card company or PayPal. That website will ask you for your personal information, like account numbers or login credentials, including your username and password.


2. Spear Phishing

The cybercriminal has either found out about the industry or has utilized information from social networks to con users. A Spear phishing email is likely to just reach a single person or a small group of banking users. Some type of personalization might be included in the email, for example, the recipient’s name, or the title of the company.


3. Executive Whaling

Cyber criminals target executives and administrators, often it being to siphon money from accounts or steal confidential information, in case of whaling attack. The ideal candidate must be familiar with the company and highborn executives must have an eye for details.


4. Social Engineering

Within a security context, social engineering refers to using psychological manipulation to manipulate people into divulging confidential information or granting access to financial resources. Social engineering may include mining information from social media sites like LinkedIn, Facebook, and others.


CEO fraud protection

Image sourced from


How to Prevent CEO Fraud?

Appropriate policies block the attacker to some extent before the attack does any damage to your finances. Find here 5 things you can do now to avert this so-called CEO Scam to a certain degree.

  1. Through training programs on cybersecurity, educate your employees regarding potential threats and potential disclosures of sensitive information. Employees must be vigilant about responding to requests for money transfers or for any sensitive information.
  2. Ensure that proper documentation and approval take place for all wire transfers.  Determine if the whole team that is in charge of wire transfers has a separation of duty in relation to the initiator and approver of wire transfers.
  3. Inform employees to check for look-a-like domain names that are variations of your company name. 
  4. Add multi factor authentication to all key apps (including financial systems) so users can verify they are who they claim to be (e.g., when initiating a wire transfer).
  5. If your company is affected by BEC, report the incident to your local authorities or FBI.



To summarize, CEO fraud can cost a company millions. CEOs and CFOs face a wide range of threats. But like any computer, CEO fraud can be thwarted. By staying vigilant and using multiple layers of security, and adhering to appropriate phishing protection measures, companies can minimize the impact of CEO fraud.