
CEO fraud and invoice fraud: real examples

CEO fraud (Business Email Compromise) is a targeted attack where a scammer impersonates an executive, supplier or accountant to force a payment or a change of bank details. Because the email often has no link or attachment, technical filters do not stop it — only processes (verify through another channel) and alert finance staff protect you.

CEO fraud and invoice fraud (Business Email Compromise, BEC) is a targeted form of scam where the attacker impersonates an executive, supplier or accountant and tries to make an employee execute a payment or change bank details. Unlike mass phishing, there is often no link and no attachment — just convincing text. That is why many technical filters do not stop these emails, and the damage is large, because real money transfers are involved.

What the typical schemes look like

Example 1: an urgent executive request

An accountant receives an email supposedly from the director: "I am in a meeting, cannot talk on the phone. I urgently need EUR 8,400 transferred to a new partner, details attached. Sort it by 3pm, I will explain later." The address looks similar to the real one, the tone is authoritative and urgent. Pressure and the fear of letting the boss down switch off the usual checks.

Example 2: changed supplier details

A long-standing supplier "informs" you that their bank account has changed: "From this month, please pay into the new account." The email arrives around the time an invoice is due, so it looks natural. In reality the scammer either spoofs the address or has already broken into the supplier’s email. The next payment goes to the fraudster.

Example 3: a gift card request

The "executive" asks an employee to urgently buy gift cards for clients and send over the codes. The amount does not seem large, the request is personal, and the employee wants to help. Once sent, the codes are unrecoverable.

Why these attacks are so successful

  • Authority: the request supposedly comes from an executive, so asking and checking is avoided.
  • Urgency: "by today", "in a meeting now" leave no room to stop and think.
  • Context: the email arrives when such a request seems logical (payment day, invoice received).
  • No technical signs: often no link or attachment, so filters let it through.
  • Prior research: attackers study the company structure on social media and the website.
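Even with no link or attachment, the headers and wording still leave traces that a mail filter can score. The Python script below is an added example, not part of the original article: it checks a constructed message modelled on the "urgent executive request" scheme for display-name impersonation of a known executive, a lookalike sender domain, a Reply-To that diverts the reply, and the urgency-plus-payment wording described above. The organisation domain, the executive list and the sample mail are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "example-corp.com"          # assumed: the defended organisation's domain
EXECUTIVES = {"anna director": "anna.director@example-corp.com"}  # assumed: protected display names
PRESSURE_TERMS = ("urgent", "cannot talk", "today", "by 3pm", "transfer", "new account", "gift card")

# Constructed sample: lookalike domain (digit 1 for l) plus a Reply-To pointing elsewhere.
SAMPLE_EML = """From: Anna Director <anna.director@examp1e-corp.com>
Reply-To: anna.director@mail-relay.example.net
To: accounts@example-corp.com
Subject: Urgent transfer today
Content-Type: text/plain

I am in a meeting, cannot talk on the phone. I urgently need EUR 8,400 transferred
to a new partner, details attached. Sort it by 3pm, I will explain later.
"""

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw: str) -> list[str]:
    """Return the header/body indicators a filter can still act on when there is no link."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg["From"] or "")
    domain = addr.rsplit("@", 1)[-1].lower()
    hits = []
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:           # executive's name, someone else's mailbox
        hits.append("display name impersonates an executive")
    if domain != OUR_DOMAIN and edit_distance(domain, OUR_DOMAIN) <= 2:
        hits.append(f"lookalike sender domain {domain}")
    reply_to = parseaddr(msg["Reply-To"] or "")[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        hits.append("Reply-To domain differs from From domain")
    body = msg.get_body(preferencelist=("plain",))
    text = ((body.get_content() if body else "") + " " + (msg["Subject"] or "")).lower()
    pressure = [t for t in PRESSURE_TERMS if t in text]
    if len(pressure) >= 2:                         # urgency and payment wording together
        hits.append("pressure/payment wording: " + ", ".join(pressure))
    return hits
```

A hit on the display-name or lookalike check is a reason to route the mail to a reviewer, not to trust the filter alone; the second-channel confirmation still applies.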

How to protect yourself: processes

The strongest protection against CEO fraud is not technology but clear payment rules that are followed without exception, even under time pressure.

  • Second-channel confirmation: any payment or change of details is confirmed by phone or in person, not by email.
  • A two-person rule for larger transfers: two people approve.
  • A fixed procedure for changing details: a changed supplier account is verified via a known number, not one taken from the email.
  • Clear permission to ask: an employee must feel safe double-checking with the executive, even if the request seems urgent.
  • Limit publicly available information about finance staff and internal procedures.

How to protect yourself: people

Processes only work when employees recognise the danger and are not afraid to pause. Finance, accounting and executive-assistant roles in particular should be trained with targeted CEO-fraud scenarios. Safe simulations that reproduce exactly this "urgent executive request" reveal who gets caught before it happens for real.

What to do when an incident happens

If the payment has already gone out, act fast: call your bank immediately and ask them to stop or reverse the transfer, inform management and contact the police. The sooner you react, the greater the chance of recovering the funds. Later, review which process had the gap and strengthen your confirmation procedure.

Frequently asked questions

How is CEO fraud different from ordinary phishing?

Ordinary phishing usually has a link or attachment and is sent en masse. CEO fraud is targeted, often with no link — pure convincing text aims to extract a payment or a change of details, which technical filters find harder to catch.

How do I verify an urgent request from an executive to transfer money?

Always confirm through another channel — call the executive on a known number or check in person. Never rely on the email alone, even if the address looks correct.

A supplier sent new bank details: what do I do?

Do not change payment details based on the email alone. Contact the supplier via a previously known contact and confirm the change, because their email could have been hacked.

What does BEC mean?

BEC is Business Email Compromise. It is a broader name for attacks that impersonate an executive or partner to extract a payment or change details. CEO fraud is one form of BEC.

We already transferred money to scammers: what first?

Call your bank immediately and ask to stop or reverse the transfer, inform management and contact the police. The sooner you react, the greater the chance of recovering the funds.
