Vol. 1 · Ed. 2026
CyberGlossary
Entry № 176

CEO Fraud

Reviewed by: Cybersecurity entrepreneur & security researcher

What is CEO Fraud?

CEO Fraud: A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.


CEO fraud — sometimes called "whaling-driven BEC" — relies on a believable executive persona (spoofed domain, look-alike address, or hijacked mailbox) combined with authority and urgency. The attacker typically targets finance, accounting, HR, or executive assistants, requesting confidential wire transfers, gift-card purchases, payroll changes, or release of tax/PII data. Effective controls include callback verification using a known phone number, dual-approval workflows for payments, DMARC reject with alignment, external banners on inbound mail, and recurring scenario-based training so staff feel safe to challenge unusual executive requests.

Examples

  1. A spoofed CEO email instructs the controller to wire funds for a "confidential acquisition".

  2. An attacker poses as the CFO and asks HR to share all employee W-2 forms.
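The two examples above share the pattern the definition describes: an executive persona that does not come from the executive's real mailbox (look-alike domain, external address, or diverted Reply-To) paired with urgency and a payment or data request. The following mail-gateway check, an added example rather than code from this glossary, flags that combination for callback verification; the organisation domain, executive list and sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr
# Constructed config (an assumption of this example, not from the glossary): org domain and impersonated executives.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com", "john smith": "john.smith@example.com"}
# Authority-and-urgency wording typical of the requests described above.
URGENCY = re.compile(r"\b(urgent|asap|immediately|confidential|wire|gift ?cards?|w-2|payroll)\b", re.I)

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: catches one-character domain typos such as a dropped letter.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def looks_alike(domain: str) -> bool:
    # Homoglyph folding (0/o, 1/l, 3/e, 5/s, rn/m, vv/w) or a single edit away from ORG_DOMAIN.
    folded = domain.translate(str.maketrans("0135", "oles")).replace("rn", "m").replace("vv", "w")
    return domain != ORG_DOMAIN and (folded == ORG_DOMAIN or edit_distance(domain, ORG_DOMAIN) <= 1)

def flag(msg: dict) -> list:
    # Returns the reasons a message resembles CEO fraud; an empty list means none were found.
    name, addr = parseaddr(msg["from"])
    domain = addr.rsplit("@", 1)[-1].lower()
    reasons = []
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:  # executive's name, but not the executive's mailbox
        reasons.append("lookalike-domain" if looks_alike(domain) else "external-domain")
    reply_addr = parseaddr(msg.get("reply-to", ""))[1]
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != domain:  # replies diverted elsewhere
        reasons.append("reply-to-mismatch")
    if URGENCY.search(msg["subject"] + " " + msg["body"]):
        reasons.append("urgency")
    return reasons

def needs_callback(msg: dict) -> bool:
    # Send to out-of-band verification when an impersonation sign coincides with urgency.
    r = flag(msg)
    return "urgency" in r and bool(set(r) & {"lookalike-domain", "external-domain", "reply-to-mismatch"})

SAMPLES = [  # constructed sample messages modelled on the two examples on this page
    {"from": '"Jane Doe" <jane.doe@examp1e.com>', "subject": "Confidential acquisition",
     "body": "Please wire the funds today and keep this between us."},
    {"from": '"John Smith" <john.smith@example.com>', "reply-to": "cfo.desk@mail-relay.example.net",
     "subject": "W-2 forms", "body": "Send all employee W-2 forms to me asap."},
    {"from": '"Jane Doe" <jane.doe@example.com>', "subject": "Lunch", "body": "Free on Thursday?"},
]
```

The second sample models a hijacked or legitimately addressed mailbox, where only the diverted Reply-To and the urgency give the request away; a flag here should trigger the callback and dual-approval steps the definition lists rather than block the mail outright.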

Frequently asked questions

What is CEO Fraud?

A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action. It belongs to the Attacks & Threats category of cybersecurity.

What does CEO Fraud mean?

A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.

How do you defend against CEO Fraud?

Defences for CEO Fraud typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for CEO Fraud?

Common alternative names include: Executive impersonation, Whaling fraud.
