How do I spot a fake email from my boss or CEO asking for a transfer?
CEO fraud emails impersonate senior executives asking for urgent bank transfers or gift card purchases — verify any financial request by calling the requester directly on a known number.
Last reviewed: 10 June 2026
Explanation
CEO fraud, also known as business email compromise, is a targeted attack where an employee in finance or accounts receives an email that appears to be from the CEO, CFO, or another senior executive asking for an urgent, confidential wire transfer. The request bypasses normal approval processes because of the implied authority of the sender and the instruction to keep it confidential.
The fraudster either compromises the executive's real email account or spoofs their email address, so that the display name shows the executive's name while the actual address belongs to an external domain. In more sophisticated versions, the fraudster registers a domain that looks nearly identical to the company's real domain (for example, company-name.net instead of company-name.com).
The instruction is almost always: act fast, do not tell colleagues, it is confidential. These three elements — speed, secrecy, and authority — are engineered to prevent the employee from applying the verification steps that would expose the fraud.
The right response is always to verify any payment request through a separate channel — by calling the supposed requester on a number you already have, walking to their office, or using your company's internal communication system. No genuine urgent transfer request should override this simple check.
Common red flags
- Sender email domain differs from your company's official domain
- Urgency combined with unusual secrecy ('do not discuss with colleagues')
- Payment instruction is to a bank account not previously used
- Request arrived outside normal business processes or approval workflows
- Requester is allegedly travelling and cannot be contacted by normal means
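The sender-domain red flag, together with the display-name and lookalike-domain tricks described in the explanation, can be checked mechanically on the From: header. The Python sketch below is an added example and not part of the original page; the company domain, executive names and sample headers are constructed assumptions, and it treats domains as a simple name plus top-level domain.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "company-name.com"       # assumption: your official domain
EXECUTIVES = {"jane smith", "raj patel"}  # constructed executive names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return the sender red flags found in one From: header value."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        return ["unparseable sender address"]
    if domain == COMPANY_DOMAIN:
        # A matching domain is not proof: the real account may be compromised.
        return []
    flags = ["external domain"]
    if display.strip().lower() in EXECUTIVES:
        flags.append("executive display name on external address")
    name, _, tld = domain.rpartition(".")
    own_name, _, own_tld = COMPANY_DOMAIN.rpartition(".")
    if name == own_name and tld != own_tld:
        flags.append("lookalike domain: same name, different TLD")
    elif 0 < edit_distance(name, own_name) <= 2:
        flags.append("lookalike domain: near-identical spelling")
    return flags


# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Jane Smith <jane.smith@company-name.com>",
    "Jane Smith <ceo.office@freemail.example>",
    "Raj Patel <raj.patel@company-name.net>",
    "Accounts <ap@cornpany-name.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no sender red flags")
```

An empty result only means the visible sender domain matches the official one; a compromised executive account passes this check, so the phone verification still applies.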
What to do now
- Call the supposed requester directly on a known number before making any transfer
- Do not reply to the suspicious email — call instead
- Report internally to your finance director and IT security team
- If a transfer was made, instruct your bank to attempt a recall immediately
- Report to Action Fraud (UK) or the FBI IC3 (US)
Frequently asked questions
How do fraudsters know who our CEO is?
Company websites, LinkedIn, Companies House filings, and press releases make executive names and roles publicly available. Fraudsters research targets before attacking.
What if the email comes from the CEO's real address?
Executive email accounts are frequently compromised through phishing. A genuine email address is not proof of a genuine request. Verify by phone regardless.
Can employees be held liable for CEO fraud transfers?
Liability typically rests with the organisation, but employees who bypass internal controls may face disciplinary action. Verification steps exist precisely to protect staff as well as company funds.