Fake CEO Urgent Wire Transfer Email Script (BEC)
This business email compromise scam impersonates a company executive, often supposedly travelling or unreachable, and emails an employee — usually in finance — requesting an urgent, confidential wire transfer. It leans on hierarchy and secrecy: flattering the target's trust, stressing time pressure, and discouraging verification through normal channels. The scammer's goal is to get money moved to an account they control before anyone questions the request. The single most important action is to always verify unusual payment requests through a separate, known channel — a phone call to the executive's real number — before sending any funds.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hi [name], I'm in a meeting and can't talk. I need you to process a confidential wire of [amount] to the account below by 3 pm today. Do not discuss with anyone yet.
This is time sensitive — it's for a pending acquisition and legal has approved it. I'll explain fully when I'm back. Account: [account details].
Please do not go through the usual approval process this time — the deal is sensitive. Just get it done and I'll sign off retroactively.
If you can't reach me, proceed anyway. The [company] representative is waiting. Delay will cost us the deal.
What the scammer wants
To impersonate a trusted authority figure and bypass normal financial controls by using urgency, secrecy, and status — directing a payment to an account the scammer controls before anyone questions the instruction.
Red flags in the message
- Request from a senior figure to act before normal approvals
- Instruction to keep the transfer confidential
- Urgency tied to a deal that cannot wait
- Email address close to but not exactly the real executive's domain
- Sender unavailable to confirm by phone on a known number
- Request to skip the usual two-person authorisation process
- Bank details never used before or provided only in this email
- No supporting documentation beyond the email itself
A safe response
Always verify any unusual payment instruction by calling the sender on a known number — not one in the email. Any request to bypass normal controls or maintain secrecy is a strong signal to pause and verify regardless of apparent seniority.
What not to send
- Wire transfers to unverified accounts
- Payments processed outside normal approval channels
- Confidential company or bank information to the email sender
What to do if you already replied
- Contact your bank immediately to attempt to recall the wire transfer
- Alert your IT and finance teams — the email account may have been compromised
- Preserve all email headers and correspondence for investigation
- Report the incident to your national fraud authority and consider legal advice
- Review your organisation's dual-authorisation controls for wire payments
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
The email address looks exactly like my boss's — how is that possible?
Scammers commonly use lookalike domains with a single swapped letter, or spoof the display name while the underlying address differs, so always check the full email address, not just the name shown. They may also have compromised the real account through a prior phishing attack.
What if the payment has already been sent?
Contact your bank's fraud department immediately — faster reporting improves the chance of freezing or recalling funds, though success depends on the payment method and how much time has passed. Also notify your company's finance leadership and IT or security team right away.
Why did they ask me to keep it confidential?
Secrecy stops you from checking with colleagues or following normal approval steps that would expose the fraud. Any request to bypass standard verification procedures, even from a senior figure, is a red flag worth escalating.
How can our company prevent this happening again?
Require a phone call or in-person confirmation for any new or changed payment instructions above a set threshold, using a number already on file — never one in the email. Regular staff training on BEC tactics also reduces successful attempts.