A-Z Glossary of Information Security and Social Engineering Terms

CEO Fraud

A type of business email compromise in which the attacker purports to be the CEO and uses a compromised or spoofed email address to make a payment request to an employee with the authority to issue payments. The receiving bank account is usually owned by or connected to the attacker. This attack preys on the human inclination to follow a chain of command, and the attacker usually adds some urgency to the request. Victims of this scam include Meath County Council, which lost €4.3 million when a member of its finance team received a fraudulent payment request from an attacker who claimed to be the CEO. The risk posed by CEO fraud can be mitigated by training executive staff, their assistants and those working in finance functions to identify the tell-tale signs of such an attack and to know how to mitigate it.
