CEO Fraud
- April 23, 2021
- Posted by: Nicola Selenu

A type of business email compromise in which the attacker purports to be the CEO and uses a compromised or spoofed email address to make a payment request to an employee with the authority to issue payments. The receiving bank account is usually owned by or connected to the attacker. This attack preys on the human inclination to follow a chain of command and usually involves the attacker adding some urgency to the request. Victims of this scam include Meath County Council, which lost €4.3 million when a member of its finance team received a fraudulent payment request from an attacker who claimed to be the CEO. The risk posed by CEO fraud can be mitigated by training executive staff, their assistants and those working in finance functions to identify the tell-tale signs of such an attack and to know how to mitigate it.