CEO Fraud on Email
Scammers impersonate a senior executive by email to instruct finance or junior staff to make an urgent, confidential payment outside normal procedures.
Part of: CEO Fraud
Last reviewed: 1 June 2026
CEO fraud is a focused form of impersonation in which an attacker poses as a chief executive or other senior leader to pressure employees into transferring money. Email is the classic delivery method because it carries authority, can be sent at any hour, and is the channel staff already use for instructions from leadership.
The attack relies on hierarchy and urgency rather than technical sophistication. A junior or finance employee receiving what appears to be a direct request from the top of the organisation often feels compelled to act quickly and quietly, which is exactly the behaviour the scammer is engineering.
How this scam works on Email
The attacker researches the company's leadership and finance structure, then sends an email that appears to come from the CEO. The sender is usually faked in one of three ways: a lookalike domain a character or two away from the genuine one, the executive's name placed as the display name over an unrelated (often free webmail) address, or a forged From header where the company's own domain does not enforce SPF, DKIM and DMARC. The message is short, personal, and urgent, asking the recipient to handle a confidential payment or share sensitive information, and a Reply-To header may quietly route any answer back to the attacker rather than to the address shown.
Common scenarios include a secret acquisition, an overdue payment that must be settled before close of business, or a favour the executive needs handled discreetly. The email discourages the employee from discussing the matter with colleagues, isolating them from a sanity check.
If the employee complies, funds are wired to an account the criminal controls. The fraud is often revealed only when the genuine executive is asked about the payment and denies any knowledge of it.
Common red flags
- An unexpected email from a senior executive requesting an urgent payment
- Instructions to keep the matter confidential and not consult colleagues
- A sender or Reply-To address that differs from the executive's genuine one, even by a single character or a swapped domain
- Pressure to complete the transaction before close of business
- A tone or signature that does not match the executive's usual emails
- A request that deliberately bypasses standard approval procedures
How to protect yourself
- Verify any executive payment request by speaking to them directly, by phone or in person, using a number you already hold rather than one given in the email
- Establish a rule that urgency and secrecy together require extra checks
- Require dual sign-off for transfers above a set value
- Flag external emails clearly so spoofed internal senders stand out, and publish SPF, DKIM and an enforcing DMARC policy for your own domain so messages forging it are rejected on arrival
- Give junior staff explicit permission to question senior requests
- Confirm new payment details through a known, independent contact
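A mail-filter style check for the red flags listed above (display name over a foreign address, a Reply-To that differs from the sender, a lookalike domain) and for the urgency-plus-secrecy rule under protection. This is an added example, not code from the original page; the company domain, the executive list, the keyword lists and both sample messages are constructed assumptions.

```python
"""Header and body checks for suspected CEO-fraud email (added example)."""
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumed organisation data: the genuine domain and the executives whose
# names a scammer is most likely to borrow.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe": "jane.doe@example.com"}

# Assumed phrase lists; urgency and secrecy together trigger a flag.
URGENCY = ("urgent", "immediately", "before close of business", "today")
SECRECY = ("confidential", "do not discuss", "don't discuss", "discreet")

# Characters attackers swap because they look alike in common fonts.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(domain: str) -> str:
    """Fold common homoglyph tricks so 'examp1e.com' reads as 'example.com'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between domains means a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def check_message(raw: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = domain_of(addr)
    flags = []

    # Executive's display name shown over an address that is not theirs.
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name]:
        flags.append(f"display name '{name}' but address {addr}")

    # Domain that is not ours but reads like ours after homoglyph folding
    # or sits within two edits of the genuine domain.
    if from_dom != COMPANY_DOMAIN and (
        normalise(from_dom) == normalise(COMPANY_DOMAIN)
        or edit_distance(from_dom, COMPANY_DOMAIN) <= 2
    ):
        flags.append(f"lookalike sender domain {from_dom}")

    # Replies silently routed to a different domain than the visible sender.
    if reply and domain_of(reply) != from_dom:
        flags.append(f"Reply-To domain {domain_of(reply)} differs from sender")

    # Urgency and secrecy in the same message: the rule for extra checks.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    if any(w in text for w in URGENCY) and any(w in text for w in SECRECY):
        flags.append("urgency and secrecy combined")
    return flags


# Constructed sample: lookalike domain, foreign Reply-To, urgent and secret.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.janedoe@mail-provider.example>
To: finance@example.com
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

Hi, I need an urgent transfer sorted before close of business today.
This is confidential, please don't discuss it with anyone until I'm back.
Jane
"""

# Constructed sample of a genuine internal request for comparison.
GENUINE = """\
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Board pack
Content-Type: text/plain; charset="utf-8"

Could you send me the Q2 board pack when it is ready? Thanks.
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE), ("genuine", GENUINE)):
        print(label, check_message(raw) or ["no flags"])
```

Run as a script to see all four flags raised on the suspect message and none on the genuine one. Any single flag is worth a phone call; the lookalike and Reply-To checks in particular catch the cases where a quick glance at the visible sender name would not.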
How to report it
- Report the fraudulent email to your national cybercrime or fraud centre
- Alert your bank immediately to attempt recall of any payment made
- Preserve the email and its headers and inform your IT security team
Frequently asked questions
Why do CEO fraud emails work even on cautious employees?
They exploit hierarchy and urgency. A direct request from the top of the organisation, framed as confidential and time-critical, pressures staff to act before they verify. Allowing employees to question senior requests removes the fear that fuels the scam.