CEO Impersonation Fraud

Share This Post

If you received an email from your manager asking you to pay £10,000 into a bank account urgently, would you do it?

You might be surprised to hear that some people do.

This type of scam is known as CEO fraud or CEO impersonation and it’s the topic for today’s blog.

Spear Phishing

We’ve talked about phishing attacks in a previous blog post.

Lots of phishing attacks are broadcast in nature. They’ll be sent to lots of people in the hope that a few people will fall for it.

The CEO scam is a targeted phishing attack, also known as spear phishing.

Hackers use online tools like LinkedIn or browse your website for key players within your business. They’ll check out your ‘Team’ pages on your website.

They can easily find the name of your company’s CEO or Managing Directors. It’s not difficult. All of the information is out there on the internet.


The next step is to pretend that they are the CEO of the business.

They usually do this by creating a fake email address which is nearly identical to the real thing and send an email to someone in the accounts department.

The email will pop up in the mailbox of someone who works in the accounts department and it look like it has come from the CEO of the business, or another senior member of the team.

To the untrained eye, the email is genuine.


The contents of the email will be to ask the accounts department to make a payment to a bank account.

What the hackers will also do is apply some urgency to the request. The payment of course will be business critical. On top of that, the hackers will also say something like:

“I can’t talk now, I’m about to get on a plane”


“I can’t talk now, I am on holiday”

Nobody wants to bother calling their CEO on holiday do they? So instead, to avoid the wrath of the CEO, the payment will be made.

Similar Domains

I’m sure you have guessed what is coming next?. Of course, the payment isn’t real.

So what can you do to protect your business from this type of attack?

The first thing you can do is check the email address very carefully. The email domain might be near identical but with just one letter changed

Let’s look at these two email addresses

[email protected]

[email protected]

Spot the difference?

You can spot the difference if you look for long enough. But if you’re busy at work and you get this, most people won’t bother to check.

People often don’t check the full email address, they just check the person’s name. This rushed way of working is what hackers love!

Business Process

The second recommendation is to have a process in your business where you verify bank payments

If you get an email from the boss asking for an immediate payment, there should be a process where you have to get a verbal agreement. So, in effect you need to also speak to the CEO before a payment is made.

This is a great example of cyber security in action. We don’t necessarily have to spend lots of money on cyber defence. You just need processes within your business.

Technology Protection

You can also buy technology for your business that would help prevent these emails getting through.

By using an intelligent spam filter for your emails, you can stop these emails in their tracks.

Products like Mimecast and Vade secure have the ability to identify impersonation attacks and it would place the email in the filter for IT to review.

These products look for ‘similar domain’ emails and block them from reaching your mailbox.

If you add process into your business and clever technology, you can double your efforts against cyber criminals.


As I’ve said before, cyber security is like a jigsaw puzzle. There is no one process or technology that will help protect you.

So the best way to really protect your business from CEO scams is to use both of the recommendations I’ve talked about in this blog post together.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

How to use Microsoft to do

The ULTIMATE Microsoft To Do Tutorial

How do you handle your to-do lists? Do you write tasks on scraps of paper? Or do you pop them in a notebook? Perhaps you have a digital application such as Todoist!  If you’re a Microsoft 365 user, you already pay for a task management system! It is called Microsoft To Do.  We all have

Zero Trust Holy Grail

Is Zero Trust Security The Holy Grail OF Cyber Security?

USA president, Joe Biden, thinks that Zero Trust is the way to go in your cyber security journey, but, what is Zero Trust, and what does it mean for your business?  When it comes to your business, I’m sure you’ve got a strategy in place for how you’re going to win new business, market your

Scroll to Top