How can I stop CEO fraud phishing?

Egress | 17th Oct 2023

CEO fraud phishing is on the rise. In fact, a recent report discovered that wire transfer losses due to CEO fraud phishing had increased by 48% in the second quarter of 2020. The uptick in phishing cases is bad news for organizations, as they lose $80,000 on average for every successful attack.

So, what exactly is CEO fraud phishing, how does it happen, and how can businesses protect themselves? 

What is CEO fraud phishing?

CEO fraud phishing, sometimes referred to as business email compromise (BEC), is a sophisticated email scam where cybercriminals impersonate senior business leaders to trick employees into fulfilling fraudulent requests. 

Hackers typically prey on senior members of an organization because they have more authority to request unauthorized wire transfers or sensitive data from other employees.

A real-life example of CEO fraud

The Scoular Company, a giant of the grain industry, fell victim to a CEO fraud scam in the summer of 2014. 

Scoular's Corporate Controller received an email claiming to be sent by the company's CEO. The email mentioned that Scoular was buying a company in China, so they needed to send money to a bank overseas.

The impostor email told the Controller to obtain further instructions from Scoular's accounting firm. Unfortunately, although the accounting firm does exist, the hackers had faked some authentic-looking contact details, which was enough to convince the Controller that the transaction was legitimate.

As a result of the scam, The Scoular Company lost $17.2 million.

How does CEO fraud happen?

CEO fraud happens when a senior member of an organization falls for a whaling email attack. Whaling is a form of spear phishing that targets higher profile individuals.

Cybercriminals masquerade as clients or important contacts and email senior leaders to trick them into sharing their credentials. Generally, whaling emails contain links to a spoofed website where the victim can enter their login details.

Once the hacker has the victim's login details, they compromise the email account and send fraudulent emails to employees.

Another form of CEO fraud phishing is when a cybercriminal creates an email address that looks similar to the original for the purpose of impersonation - e.g. '' instead of ''. Often, lookalike email addresses are enough to trick employees into believing that the emails have come from a legitimate source.

How to detect CEO fraud attempts

CEO fraud phishing cost businesses $1.8 billion last year. With CEO fraud phishing causing such a staggering financial impact, everyone in the organization must be alert and vigilant, recognizing the common features of an attack:

1. The sender applies pressure

Hackers use clever social engineering techniques to pressurize their victims and make them believe the request is urgent. By posing as a senior business leader, hackers know their time-sensitive requests are more likely to be fulfilled by employees who want to do a good job.

2. The email has come from a mobile device

By sending emails from a mobile device, cybercriminals can give the impression that the CEO is out and about, possibly without access to a laptop, and requires employee assistance.

Not only does a mobile email make stranger requests seem more plausible, but it's also a perfect excuse for any spelling or grammar mistakes that are usually typical giveaways of a fraudulent email.

3. Unusual requests

Cybercriminals know people are less likely to challenge an unusual request from a senior executive. They're relying on employees to feel under pressure to act without stopping to question the requestor. 

Most organizations have processes in place to deal with money transfers or sensitive data sharing. Therefore, if an email comes through from a senior leader requesting a wire transfer or company data, it's wise to treat the request with suspicion. You must confirm the email's validity with the sender using a different method of contact.

Four ways to prevent CEO phishing

1. Check the sender email address

Hover over the email address to verify who the sender is. Hackers can set the 'From' name to the CEO's name, but it might not match the sender's email address. If the 'From' name and the email address aren't the same person, it's likely a sign of a phish.

2. Question unusual requests

If the email asks for an urgent payment transfer or sensitive data, the recipient must question whether the request has come from a legitimate source. Usually, the best method of verification is to ask the sender directly using another method of contact.

3. Staff training

Staff awareness is essential in defending your organization. Ensure that you have clear policies in place and run regular cybercrime awareness workshops with your employees (particularly those in Finance and HR), so they're aware of the latest scams.

4. Seek help from technology

Intelligent anti-phishing solutions such as Egress Defend have a unique advantage. Defend uses machine learning to analyze not just the content of emails, but the context too. That means it can alert users to sophisticated and context-driven phishing attacks such as CEO fraud in real time. 

Learn more about CEO fraud prevention

Cybercriminals are constantly adapting their phishing tactics to lure people into their scams. Stay one step ahead by exploring the Egress phishing hub, and read our expert advice to keep your data protected online by utilizing CEO fraud prevention tools.