CEO fraud

How CEO fraud works

Fraudsters will contact your business, often by email, to ask for an urgent payment to new bank account details.

Sometimes, they can pretend to be a colleague who wants to change their payroll payment details.

Fraudsters do lots of research to help them write an email that looks genuine and reads like it came from a colleague.

They may also know the right time to pretend to be a colleague, such as when they’re away from work or hard to reach.

Fraudsters can even break into a colleague’s email account to contact your business.

How CEO fraud works

Fraudsters will contact your business, often by email, to ask for an urgent payment to new bank account details.

Sometimes, they can pretend to be a colleague who wants to change their payroll payment details.

Fraudsters do lots of research to help them write an email that looks genuine and reads like it came from a colleague.

They may also know the right time to pretend to be a colleague, such as when they’re away from work or hard to reach.

Fraudsters can even break into a colleague’s email account to contact your business.

Tips to beat CEO fraud

  • It doesn’t matter who sends a payment request, you need to check the details to confirm it’s genuine.

    Call the person who sent it to double-check the request or change of details. Use a phone number you trust, not one from an email.

    If you can't reach them on the phone, don’t reply to an email. Talk with another colleague who can check and approve the payment.

  • If you can, use at least two people to approve a payment. This is called dual approval.

    Create a clear, well-known policy that allows all of your senior or junior colleagues to challenge and check a payment.

    Put measures in place that help colleagues to act quickly if they’re unsure about a payment. This may help to avoid scams and reduce losses.

  • Fraudsters can email to pretend to be an employee to change their account details for getting paid.

    Always double-check that any change of payroll details is genuine. Talking to the employee in person or call them using a phone number you trust, not one from an email.

  • Make your business email account your first line of defence.

    It can hold sensitive details that a fraudster could use against you in a scam. They may also them to get into any other online accounts you hold.

    If you don’t already have one, pick a new, strong password for the business email account.

    Do the same for all the other accounts you hold, such as bank and social media.

    Use a different password for each one.

    Find out how to create a strong password on Password security.

  • Fraudsters can pretend to be someone you trust. Their goal is to steal money from your business.

    The Fraud Stars video from Get Safe Online takes a different look at CEO fraud.

    Play the video

Learn about other scams and how to protect your business