CEO Fraud via LinkedIn
Scammers impersonate executives on LinkedIn to instruct finance staff or vendors to redirect payments, or to extract confidential business information ahead of an email-based attack.
Last reviewed: 1 June 2026
LinkedIn is the preferred platform for executive impersonation reconnaissance. Attackers use it both to gather the intelligence needed for email-based CEO fraud and, increasingly, to execute the fraud directly through LinkedIn messages to employees who assume the professional platform is more trustworthy than email.
A connection request accepted from someone appearing to be the CEO or CFO, followed by a direct message asking for an urgent bank transfer, is a scenario that many finance employees have not been trained to recognise as a risk.
How this scam works on LinkedIn
An attacker creates a LinkedIn profile closely mirroring the target company's real CEO — same name, same photo (scraped from LinkedIn or company website), same job title and employer. They send connection requests to finance staff or procurement managers within the company.
Once connected, the fake CEO messages the employee about a confidential acquisition or penalty payment that must be executed quickly and discreetly. The payment instructions include a third-party account presented as the law firm or counterparty in the transaction.
In other variants, the impersonator does not attempt a payment directly but uses the LinkedIn connection to gather employee names, reporting structures, and financial processes that make a subsequent email-based CEO fraud attack far more convincing.
Common red flags
- Connection request from a recently created account that uses your CEO's name and photo
- Message from a 'company executive' asking for a bank transfer through LinkedIn rather than official channels
- The connected executive's profile has no mutual connections beyond recently added company employees
- Message asks you to keep the transaction confidential from other colleagues
- Payment details provided are not associated with any known counterparty in your records
- The executive is supposedly unreachable by phone or email and LinkedIn is the only channel available
How to protect yourself
- Verify any LinkedIn profile purporting to be your CEO by contacting the executive at their known company email address
- Establish a company policy that payment instructions via LinkedIn alone are never acted upon
- Train employees to call back any executive requesting financial action through an unusual channel
- Alert the real executive if their identity is being impersonated so they can report the fake profile
- Enable LinkedIn notification alerts for when new profiles using your company name and executive titles are created
- Brief all finance staff that executive impersonation on LinkedIn is a known and growing attack vector
How to report it
- Report the impersonating LinkedIn profile using 'Report > Pretending to be someone' on the profile page
- Notify LinkedIn's Trust and Safety team if a fake profile is using a real executive's photo and name
- Contact your bank immediately if any transfer was made based on LinkedIn instructions
Frequently asked questions
How do I check whether a LinkedIn CEO profile is the real person?
Check the profile's connection history — a genuine long-standing executive will have hundreds of connections built over years. Look for the profile creation date, mutual connections, and activity history. Then verify by emailing the executive's known corporate address.