CEO fraud
A BEC variant in which attackers impersonate a company's CEO or senior executive in emails to pressure employees — typically in finance — into making urgent, unauthorised wire transfers.
Also known as: boss fraud, executive impersonation fraud
Last reviewed: 1 June 2026
CEO fraud is a form of business email compromise (BEC) in which a fraudster impersonates the chief executive or another senior leader to instruct an employee to make a payment. The email typically demands urgency and secrecy: 'This is time-sensitive — do not discuss it with colleagues or go through the usual approval process.'
The targets are usually staff in finance or accounts payable who have the technical ability to initiate wire transfers but may feel uncomfortable questioning a direct instruction from the CEO. The implied authority, combined with artificial urgency, makes this a potent attack.
Protection involves a firm policy that no wire transfer is executed solely on the basis of an email instruction from any executive, regardless of how convincing the message appears. Any request outside normal process must be verified verbally.