Fake CEO Text Employee Scam
An employee receives a text message appearing to be from the company CEO asking for a confidential wire transfer or sensitive action. The message is fraudulent and exploits corporate authority.
Last reviewed: 11 June 2026
What this scam is
The fake CEO text scam is a variant of business email compromise (BEC) delivered via SMS rather than email. It exploits the informal and immediate nature of text messaging to bypass company security protocols.
Unlike a spoofed email, a text message does not have a domain to scrutinise, making it harder for the recipient to spot obvious technical red flags. The scammer simply uses a new SIM card and presents themselves as the CEO from the start.
This scam is especially effective in organisations where senior leadership does occasionally contact staff directly by text for time-sensitive matters, making the channel feel plausible.
How it works
The scammer researches the target company to find the CEO's name and an employee with financial authority — typically using LinkedIn. They text the employee, sometimes using a number with the same area code as the company.
The opening message builds familiarity quickly: 'This is [CEO name] — I am travelling and do not have access to my work email. I need your help with something urgent and confidential.' Once the employee engages, the scammer requests a wire transfer to a new supplier, an international payment, or employee payroll data.
The confidentiality framing keeps the employee from consulting colleagues. Urgency — a contract deadline, a business deal closing today — prevents extended deliberation. By the time the transfer is queued and processed, the scammer's account has already moved the funds.
Why this scam works
The authority of a CEO request combined with the informal intimacy of a text message is a powerful combination. Most employees would feel anxious about making a CEO wait or questioning a direct request from the most senior person in the company.
The claim of being unavailable on official channels removes the most obvious verification route and seems plausible given the frequency of executive travel. Confidentiality framing activates a sense of being trusted with sensitive information, further discouraging consultation with colleagues.
A typical pattern
An employee in a finance or operations role receives a text message claiming to be from the company CEO. The message presents the request as urgent and confidential, explaining that the CEO is travelling and unable to use their work email. The employee is asked to process a wire transfer to a new vendor account, or to share employee data before the day's close. The employee, not wanting to let the CEO down, complies. The funds are sent to a fraudulent account, or the data is harvested, before anyone at the company realises what has happened.
Common red flags
- Text from an unknown number claiming to be a company executive
- Explanation that usual communication channels are unavailable
- Request for confidentiality that bypasses normal approval chains
- Urgency tied to a business deadline that conveniently prevents verification
- Request to pay a vendor account not previously used
- No corresponding email or internal system record of the request
- Grammar or tone inconsistent with how the real executive communicates
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
'This is [CEO name]. I am travelling and cannot use company systems. I need you to process an urgent wire of [amount] to a new supplier today — please keep this between us until I can explain on my return.'
'Hey, can you pull together all employee W-2 data in a spreadsheet and send it to me at this email? Needed for an urgent audit — please do not loop in anyone else yet.'
'I need this done in the next two hours or we lose the contract. The new account details are below. Please confirm once the transfer is sent.'
Common variations
- Payroll redirect variant: 'CEO' asks HR or payroll to update direct-deposit details for all staff
- W-2 data request: 'CEO' asks HR for a spreadsheet of all employee tax data
- Vendor change variant: a new supplier bank account is provided for an existing vendor
- Mergers and acquisitions variant: payment framed as a confidential pre-announcement deposit for a deal
- Legal threat variant: 'CEO' claims a lawyer has advised urgent payment to avoid litigation
How to verify before you act
Call the CEO on their known work or personal mobile number — a number stored in company records or your own contacts, not a number provided in the text. If you cannot reach them, contact their executive assistant or another C-suite member.
For any wire transfer request, invoke your company's dual-authorisation or callback verification policy. Legitimate transfers can always wait 30 minutes for a phone confirmation. If your company does not have such a policy, flag it to your finance director as a priority.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- Finance managers and accountants with transfer authority
- HR staff with access to payroll data
- Executive assistants
- Operations managers at small-to-medium businesses
What to do immediately
- Do not process any transfer or share any data until you have spoken to the executive by phone
- Call the CEO or their known assistant on a trusted number in company records
- Notify your manager or CFO that you received the request
- If a transfer was already initiated, call your bank immediately to attempt a stop
- Preserve all text message screenshots
- Report to your IT or security team for investigation
How to prevent it
- Implement a mandatory callback policy for all new wire transfers regardless of who requests them
- Require dual authorisation for any payment to a new beneficiary account
- Train finance and HR staff specifically on this scam and its variants
- Create a culture where it is safe and expected to verify any unusual financial request
- Mark all external emails and unknown numbers clearly so staff can see they are not internal
- Limit the public information available about internal roles and responsibilities on company websites
- Remind staff that a genuine CEO will not be inconvenienced by a 5-minute phone verification
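The callback and dual-authorisation rules above can be enforced as a release check in a payment workflow. The sketch below is an added example, not code from any real payment system; the names WireRequest, release_blockers, DIRECTORY and KNOWN_BENEFICIARIES, and all sample values, are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (assumptions): numbers held in company records and
# beneficiary accounts that have been paid before.
DIRECTORY = {"ceo": "+1-555-0100"}
KNOWN_BENEFICIARIES = {"ACME-001"}

@dataclass
class WireRequest:
    claimed_sender: str                 # role the message claims to come from
    beneficiary: str                    # account the money would go to
    approvers: set = field(default_factory=set)   # staff who authorised it
    callback_number: Optional[str] = None         # number actually dialled
    callback_confirmed: bool = False    # did that person confirm by voice?

def release_blockers(req: WireRequest) -> list:
    """Return the reasons a wire must not be released; an empty list means OK."""
    blockers = []
    # Callback applies to every request, whoever it claims to come from, and
    # only counts if it went to the number on record, not one from the text.
    on_record = DIRECTORY.get(req.claimed_sender)
    if on_record is None or req.callback_number != on_record:
        blockers.append("no callback to the number in company records")
    elif not req.callback_confirmed:
        blockers.append("sender did not confirm the request on callback")
    # A beneficiary never paid before needs two distinct approvers.
    if req.beneficiary not in KNOWN_BENEFICIARIES and len(req.approvers) < 2:
        blockers.append("new beneficiary requires dual authorisation")
    return blockers

# The pattern described on this page: the employee "verified" by replying to
# the number that sent the text and approved the payment alone.
SCAM = WireRequest("ceo", "NEW-777", {"employee_a"}, "+1-555-0199", True)
# The same payment after a real callback and a second approver.
VERIFIED = WireRequest("ceo", "NEW-777", {"employee_a", "employee_b"},
                       "+1-555-0100", True)

if __name__ == "__main__":
    for name, req in (("scam", SCAM), ("verified", VERIFIED)):
        print(name, release_blockers(req) or "release permitted")
```

A confirmation obtained from the number that sent the text does not count: the check compares the dialled number against company records before it looks at the confirmation flag.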
Evidence to preserve
- Screenshots of all text messages with timestamps
- The phone number that sent the messages
- Any wire transfer reference numbers or receipts
- Email addresses used in follow-up communications
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — use the number on the back of your card or in your banking app, never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Our CEO does sometimes text me directly. How do I tell the difference?
The difference is the request itself. A real CEO may text to check availability or pass on a message, but legitimate financial transfers and data requests always go through official channels and require documented approval. When the request is for money or sensitive data over text alone, that is the red flag regardless of who appears to be asking.
Could this be a test from my own company?
Some organisations do run phishing tests, but these should be disclosed afterwards and will not result in actual financial harm. Treat every suspicious request as real and verify it — you will not be penalised for following the correct process.