Attacks & Threats
CEO Fraud
Also known as: Executive impersonation, Whaling fraud
Definition
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Examples
- A spoofed CEO email instructs the controller to wire funds for a "confidential acquisition".
- An attacker poses as the CFO and asks HR to share all employee W-2 forms.
Related terms
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
Whaling
A spear-phishing attack aimed at senior executives or other high-value targets, typically seeking large fraudulent payments or access to strategic information.
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
Spear Phishing
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Invoice Fraud
A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.