CEO Scams: How to Identify, Avoid, and Protect Your Business

Cristina POPOV

October 09, 2024


A CEO scam is a form of attack in which cybercriminals pose as a company's top executive to trick employees into sharing sensitive data or making unauthorized payments. Scammers know that a message from someone high up can push employees to act fast without questioning it, so they typically create a sense of urgency to pressure employees into a rushed decision.

How CEO Fraud Works

The FBI often calls this scam "Business Email Compromise" (BEC), as fraudsters typically use compromised or spoofed business email accounts. Here's how it typically plays out:

  1. Name Spoofing: Hackers will use the CEO's name but send the email from a slightly altered domain, a detail often overlooked, especially on mobile devices.
  2. Name and Email Spoofing: The attacker can use both the CEO's name and the correct email address, but with a hidden "reply-to" address that directs responses to them instead.
  3. Deepfake Technology: More sophisticated scams use AI-generated deepfake videos or audio, making it appear that the CEO is directly asking for sensitive information or money. This can create extra pressure on employees to comply.
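The first two techniques leave traces in the message headers: a sender address on a look-alike domain, or a Reply-To that points somewhere other than the From address. The following Python script is an added example (not Bitdefender's code and not part of the original article) that applies those checks, plus a simple scan for the pressure language the sample emails later in this article rely on. It assumes a hypothetical company domain `example.com` and a small executive directory, and the three messages it analyzes are constructed for illustration. It also implements the address check recommended in the FAQ at the end of this article.

```python
"""Header and content checks for CEO-fraud style email (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical company data (assumption for this example, not real values).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"paul": "paul@example.com"}  # display-name keyword -> real mailbox

# Character swaps commonly used to build look-alike domains (not exhaustive).
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

# Phrases that signal urgency or secrecy, the pressure tactics described above.
PRESSURE_PHRASES = ("urgent", "within the hour", "as soon as", "right away",
                    "immediately", "confidential", "are you free now")


def normalize_domain(domain):
    """Undo common look-alike substitutions so 'exarnple.com' reads 'example.com'."""
    d = domain.lower()
    for lookalike, real in CONFUSABLE_PAIRS:
        d = d.replace(lookalike, real)
    return d


def levenshtein(a, b):
    """Edit distance; one insertion/deletion/substitution counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True when a domain imitates the company domain but is not the company domain."""
    domain = domain.lower()
    if domain == COMPANY_DOMAIN:
        return False
    norm = normalize_domain(domain)
    return norm == COMPANY_DOMAIN or levenshtein(norm, COMPANY_DOMAIN) <= 1


def _body_text(msg):
    if msg.is_multipart():
        return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                         for p in msg.walk() if p.get_content_type() == "text/plain")
    return msg.get_payload()


def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    # Name spoofing: executive's display name, but not the executive's mailbox.
    for keyword, real_addr in EXECUTIVES.items():
        if keyword in from_name.lower() and from_addr.lower() != real_addr:
            findings.append(f"display name '{from_name}' but sender is {from_addr}")
    # Look-alike domain, the detail that is easy to miss on a phone screen.
    if from_domain and is_lookalike(from_domain):
        findings.append(f"look-alike domain {from_domain}")
    # Name and email spoofing with a hidden Reply-To that diverts the answer.
    if reply_addr and reply_domain != from_domain:
        findings.append(f"Reply-To {reply_addr} differs from From domain {from_domain}")
    # Urgency or secrecy language in subject or body.
    text = (msg.get("Subject", "") + "\n" + _body_text(msg)).lower()
    hits = [p for p in PRESSURE_PHRASES if p in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
SAMPLE_LOOKALIKE = """\
From: Paul <paul@exarnple.com>
To: diana@example.com
Subject: Invoice to Pay [Late!]

Hi Diana,
I need you to resolve this within the hour. The invoice is attached.
Paul
"""

SAMPLE_REPLYTO = """\
From: Paul <paul@example.com>
Reply-To: paul.ceo@mail-example.net
To: mina@example.com
Subject: Contracts for Legal - URGENT

Hi Mina,
Please send the contracts to Sarah today, as we're on a tight deadline.
Paul
"""

SAMPLE_LEGIT = """\
From: Paul <paul@example.com>
To: roger@example.com
Subject: Q3 board deck

Hi Roger,
Could you send me the latest version of the board deck when you get a chance?
Paul
"""

if __name__ == "__main__":
    for label, sample in (("look-alike", SAMPLE_LOOKALIKE),
                          ("reply-to", SAMPLE_REPLYTO), ("legit", SAMPLE_LEGIT)):
        print(label, "->", analyze(sample) or "no findings")
```

A mail gateway or SIEM rule would run the same logic on every inbound message and route anything with a look-alike or Reply-To finding to a quarantine or a manual-review queue rather than the recipient's inbox; the pressure-language check on its own is too noisy to block on, but it is a useful secondary signal.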

Related: How Deepfakes Can Target Businesses Like Yours

Real-life story

A finance worker at a multinational firm was tricked into transferring approximately $25 million to fraudsters who used deepfake technology to impersonate the company's chief financial officer during a video conference call. He was initially suspicious of a message from what he thought was the UK-based CFO regarding a secret transaction, but his doubts were dispelled during the call when he recognized the familiar appearances and voices of the other participants, who were actually deepfake recreations. Trusting the situation, he agreed to remit a total of 200 million Hong Kong dollars (around $25.6 million).

Source: CNN

Common Attack Scenarios and Targets

Scammers target specific employees based on their access to financial data: finance departments, HR, and executives. Here are a few scenarios in which CEO scams typically play out.

1. A business working with foreign suppliers: Scammers exploit collaborations with international suppliers, requesting funds to be sent to a different account than the established wire transfer agreement.

2. Wire Transfer Requests: Cybercriminals compromise or spoof email accounts of top executives, leading employees, or financial institutions to ask for fund transfers to unauthorized accounts.

3. Fraudulent Correspondence to Business Contacts: Attackers take over an employee's email account and send fake invoices to suppliers, resulting in funds being redirected to fake accounts.

4. Impersonation: Scammers pose as lawyers or executives involved in urgent, confidential matters, convincing employees to act quickly without proper verification.

5. Data Theft: Fraudulent emails request sensitive documents, such as W-2 forms or personally identifiable information (PII), from HR or accounting departments.

Common Forms of CEO Fraud with Examples

1. False Invoice Payments

The false invoice scam is a common tactic used in CEO fraud, where attackers request payments for invoices that don't actually exist.

  • Bogus Reply Chains: The fraudster creates an email thread that makes it seem like the CEO is being pressured by a legitimate company for payment. The "CEO" forwards this email chain to someone in finance, instructing them to pay immediately.
  • Consultant Payments: The scammer, posing as the CEO, claims the company owes money to an "outside consultant" and urges the employee to pay them right away, insisting the payment is overdue.

Example:

Subject Line: Invoice to Pay [Late!]

Hi Diana,
I've been in meetings all morning with Company X, and they're unhappy because we haven't processed this month's invoice payment.
I need you to resolve this within the hour before we reconvene after lunch. The invoice details are attached—I'm counting on you to handle this quickly as we need their business.
Thanks,
Paul

 

Related: What Are Invoice Scams and How Small Business Can Stay Safe

2. Tax or Document Access Requests

Another form of CEO phishing involves requests for sensitive documentation, such as tax forms or legal contracts, to be sent to a third party controlled by the fraudster. In this scenario, the fake CEO may CC an external "tax audit firm," which is actually just another fraudster.

Example:

Subject Line: Contracts for Legal – URGENT

Hi Mina,
I've CC'd our external legal team, who need to review the contracts with Third Party Z. Please send them to Sarah today, as we're on a tight deadline.
Thanks,
Paul

3. Gift Card Scams

This scam involves a fraudster impersonating the CEO by either spoofing their email or hacking their account. They then send a mass email to employees requesting the purchase of gift cards. After the employees buy the gift cards, the fraudster asks for the serial numbers, allowing them to redeem the cards without anyone realizing.

The fraudster may use various tactics, such as:

- Claiming the "CEO" needs a gift for a friend or relative, often accompanied by a sad backstory.

- Pretending that the "CEO" wants to reward staff members secretly and asks the employee to keep it confidential.

- Requesting gift cards for clients, sometimes mentioning an upcoming presentation.

Example:

Subject Line: In a Conference – Are You Free Now??

Hi David,
I urgently need you to run to Target and buy 20 gift cards worth $100 each for a client. Please charge it to the employee expenses card, and we'll sort it out later.
Take a photo of each serial code and send it to me as soon as you can—I need to resolve this before the conference ends.
Thanks,
Paul

4. Fake Mergers or Acquisitions

Fraudsters may also impersonate a CEO to request large bank transfers for fake mergers or acquisitions. This sophisticated scam often involves extensive research to create convincing email chains, making it seem legitimate.

Example:

Subject Line: Transfer for Our Acquisition

Hi Roger,
I know this is short notice, but we've just sealed the deal for an acquisition in Germany. We need to fund an account quickly—can I count on you to make the transfer within the next hour?
It's going to be $12.3 million to the following account [details here].
I'm emailing you directly because I trust your discretion—please keep this confidential until our official announcement tomorrow.
I appreciate your quick action on this. Let's celebrate once it's all done.
Thanks,
Paul

5. Payroll Diversion Scam

The payroll diversion scam is a straightforward tactic where scammers impersonate individuals in the payroll department.

Example

Subject Line: Update Required for Direct Deposit

Hi Sarah,
I hope you're doing well! I wanted to let you know that I recently switched banks and need to update my direct deposit information. Can you please assist me with this?
I appreciate your help! Please find my new bank details below:
Thank you for taking care of this quickly. Let me know if you need any further information.
Best,
Paul

Related: Top 10 Scams Targeting Very Small Businesses: How to Stay Safe and What to Do If You're Scammed

How to Prevent CEO Scams

  • Independent Verification: Always double-check payment requests, especially if they involve new beneficiaries or altered bank details. Even if the request seems to come from internal staff, verify it through an independent source.
  • Employee Training: Equip your team with the knowledge to recognize red flags and empower them to question suspicious requests, regardless of the sender's authority.
  • Limit Information Sharing: Be mindful of how much information is shared publicly about your company and its key officials, as fraudsters often use this data to make their scams more convincing.

Can hackers spoof an email address of your business domain?

Did you know that one of the first things hackers often do is try to spoof your business email? If they succeed, they can initiate a "CEO fraud" attack that could compromise your entire network.

Bitdefender Ultimate Small Business Security offers robust defenses against these threats. With advanced email protection and the Scam Copilot feature, it detects and blocks phishing attempts before they reach your inbox. Combining this technology with user training helps your team stay vigilant and secure against these types of attacks.

Here's what it offers:

  • Phishing and Email Protection: Stops phishing scams and fraudulent emails before they reach your inbox.
  • Malware Defense: Keeps your Windows PCs, Macs, iPhones, Android phones, and Windows servers safe from malware, including ransomware.
  • Password Manager: It helps you create strong passwords and keeps them secure.
  • VPN: Provides unlimited VPN traffic to keep your remote connections safe.
  • Scam Copilot: Uses AI to help your team spot scams and avoid threats while boosting your cybersecurity skills.
  • Easy to Use: Features a straightforward dashboard that anyone can manage, with no IT expertise needed.

Bitdefender Ultimate Small Business Security is an easy-to-use, all-in-one, affordable solution that protects your business.

Check it out at bitdefender.com/solutions/small-business-security.

FAQs

1. How can I tell if an email is part of a CEO fraud scam?
Look for subtle signs like unusual language, a sense of urgency, or requests for confidential information or immediate payments. Check the email address carefully for minor alterations to your domain name, and if you’re unsure, contact the sender through another communication method for confirmation. Be especially cautious if the email asks you to bypass regular processes.

2. What should I do if I suspect I’ve fallen victim to a CEO scam?
If you’ve already transferred money or shared sensitive information, contact your bank and local authorities immediately. You should also notify your cybersecurity team and report the incident to national fraud and cybercrime agencies. The faster you act, the better your chances of recovering funds or minimizing damage.

3. How can Bitdefender Ultimate Small Business Security help prevent CEO scams?
Bitdefender Ultimate Small Business Security provides comprehensive email protection, which detects and blocks phishing attempts before they reach your inbox. Additionally, the Scam Copilot feature is designed to analyze emails and detect fraudulent patterns, helping safeguard your business from impersonation scams like CEO fraud.

Author


Cristina POPOV

Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years' experience in communication includes developing content for TV, online, mobile apps, and a chatbot.