This scam is when a fraudster sends an email that pretends to be someone else at your business, often someone senior.
The message will use some kind of credible story to ask for an urgent payment to be sent to new account details. It may even pretend to be a member of staff who wants to change their payroll payment details.
Fraudsters do lots of research to help them write an email that looks genuine and reads like it came from a colleague. It can also help them to send it at the right time, such as when a person is away from work or hard to reach. They can even break into a person’s email account to send a message.
And remember, this type of scam can target a business of any size.
Tips to beat CEO fraud
It doesn’t matter who sends a payment request, you need to check the details to confirm it’s genuine.
Call the person who sent it to double-check the payment request or change of details. Use a phone number you trust, not one from an email. If you can't reach them, don’t reply to the email. Talk with another member of staff who can check and approve the payment.
If you can, use at least two people to approve a payment. This is called dual approval.
Create a clear, well-known policy that allows all of your senior or junior staff to challenge and check a payment.
Put measures in place that help staff to act quickly if they’re unsure about a payment. This may help to avoid scams and reduce losses.
Fraudsters can pretend to be an employee to email a change to a person’s account details for getting paid.
Always double-check that any change of details is genuine by talking to the employee in person or calling them using a phone number you trust, not one from an email.
Make your business email account your first line of defence.
It can hold a lot of sensitive details that a fraudster could use against you in a scam. Or they could use them to get into any other online accounts you hold.
If you don’t already have one, pick a new, strong password for the email account. Then do the same for all the other accounts you hold, such as bank and social media. Use a different password for each one.
Find out how to create a strong password on Password security.
- Fraudsters can pretend to be someone you trust. Their goal is to steal money from your business.
The Fraud Stars video from Get Safe Online takes a look at CEO fraud.
Important Legal Information
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
The products and services outlined on this site may be offered by legal entities from across Lloyds Banking Group, including Lloyds Bank plc and Lloyds Bank Corporate Markets plc. Lloyds Bank plc and Lloyds Bank Corporate Markets plc are separate legal entities within the Lloyds Banking Group.
Lloyds Bank is a trading name of Lloyds Bank plc, Bank of Scotland plc and Lloyds Bank Corporate Markets plc. Lloyds Bank plc. Registered Office: 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no.2065. Bank of Scotland plc. Registered Office: The Mound, Edinburgh EH1 1YZ. Registered in Scotland no. SC327000. Lloyds Bank Corporate Markets plc. Registered office 25 Gresham Street, London EC2V 7HN. Registered in England and Wales no. 10399850. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority under registration number 119278, 169628 and 763256 respectively.
We adhere to The Standards of Lending Practice which are monitored and enforced by the LSB: www.lendingstandardsboard.org.uk.
Eligible deposits with us are protected by the Financial Services Compensation Scheme (FSCS). We are covered by the Financial Ombudsman Service (FOS). Please note that due to FSCS and FOS eligibility criteria not all business customers will be covered.