What is another name for CEO fraud?

CEO fraud is also commonly referred to as executive phishing or whaling.

How does CEO phishing work?

CEO attacks work by fabricating emails that appear to be authentic communications from a company executive, urging the targeted employee to act and respond quickly without much thought or hesitation.

What are methods of CEO fraud?

Attackers use various methods to perpetrate CEO fraud, such as spear-phishing, name spoofing, email spoofing, and social engineering.

How do you prevent CEO fraud attacks?

Employee training for recognition and verification is essential for CEO fraud prevention. CEO fraud prevention requires not only a focus on human behavior but also advanced email security solutions.

What is CEO Fraud, and How Do I Prevent It?

Why IRONSCALES
OUR VALUE

Protect Better

Gain protection against advanced email attacks like BEC, ATO, social engineering, and more

Simplify Operations

Turn hours-a-day to minutes-a-month combatting phishing with customizable security automation

Empower Your Org

Triple your org's email security awareness with real-world phishing simulation testing and training
CUSTOMERS

Customers

Check out the benefits provided to our customers and their stories

Case Studies

Explore inspiring success stories from our 13,000+ global customers

Reviews

Uncover honest reviews with authentic insights from Gartner, G2, Capterra, and more
NEWS

Press

Read our latest press releases, news publications, and media highlights

Awards

Explore our awards and industry recognition achievements
Press: New Research

New Osterman study reveals orgs with high confidence still lack capabilities against QR code attacks

Case Study: Webhelp

Learn how Webhelp saved over 450 SecOp hours and is protecting 36,000 mailboxes

Awards: INC. 5000

IRONSCALES earns 'Fastest Growing Email Security Company' for 3rd straight year
Platform
Spring '24 Software Release! Check out our new deep image-based detection, GWS capabilities, and more. Explore the new additions
CAPABILITIES

Inbound Email Protection

Get Adaptive AI email security against advanced attacks missed by other security controls

Account Takeover Protection

Eliminate the risk of ATO with advanced prevention, detection, and response

Image-Based Attack Protection

Protect your organization from image-based attacks like malicious QR codes

SOC Automation

Put SecOps workloads on auto-pilot with automated email remediation and more
Phishing Simulation Testing

Send your employees customized simulations built from real-world threats

Security Awareness Training

Build a security-centric culture with automated personalized awareness campaigns

Crowdsourced Threat Intelligence

Leverage insights from 20,000+ security analysts in our community for email remediation

Collaboration Tool Protection

Protect your collaboration tools including Microsoft Teams® from advanced threats
Take an Interactive Platform Tour
TECHNOLOGY

Adaptive AI Engine

Learn how we level up our AI with advanced ML models and Human Insights

Human Insights

See how we uniquely enhance our adaptive AI with real-time Human Insights

Generative AI

Discover how we use Gen-AI, large language models, and techniques for email security

Ecosystem Integrations

Maximize your existing security tools with our seamlessly integrated platform
Take an Interactive Platform Tour
Solutions
USE CASE

BEC & Executive Impersonation

Stop advanced attacks like BEC, VEC, and VIP impersonation

Advanced Malware/URL Attacks

Continuously protect against malicious links and attachments

Credential Harvesting

Block attackers from stealing your sensitive business data

Account Takeover Attacks

Prevent, detect, and respond to ATO attacks in real time

QR Code Attacks

Decipher image-based attacks from weaponized QR codes

Generative AI Attacks

Safeguard your organization against GPT-crafted attacks

Phishing Simulation Testing

Test your employees with real-world email attacks

Security Awareness Training

Build a security-first organization with integrated SAT campaigns

Get A FREE Email Health Scan
BUSINESS INITIATIVE

M365 Augmentation

GWS Augmentation

SEG Augmentation

SEG Replacement

SOC Automation

BY ROLE

IT/Security Leader

IT/Security Operator

Executive

BY PLATFORM

Microsoft 365

Google Workspace

Microsoft Teams
Learn
New Report! Osterman Research releases their 2024 findings on Image-based/QR Code Attacks. Read the report
LEARN

Blog

Stay informed with our insights and updates

Guides

Explore our multi-chapter email security guides

Glossary

Decode cybersecurity jargon with our glossary

Resource Library

Rich content hub including whitepapers, reports, and more

Get Started

Get started today with a 14-day free trial

Platform Tour

Navigate our platform directly with an interactive guided tour

Engineering Corner

Explore articles and lessons from our R&D team members

CONNECT

Events

View our upcoming in-person and virtual events

LinkedIn

Join the evolving email security discourse with us on LinkedIn

Newsletter

Join our LinkedIn newsletter for security news and best practices
See all resources
FEATURED

Email Security in the Age of AI

Understand the role of AI in fortifying defenses against evolving threats.

QR Code Phishing

QR codes serve as a new bypass method to evade detection.

The ABCs of MFA

MFA is your digital doorman that keeps the malicious actors at bay.
Phishing Prevention

Dive into our complete 13-chapter guide on phishing prevention best practices

Spear Phishing

Understand the inner workings of highly specialized phishing tactics and how to stop them

Voice Phishing

See how attackers leverage new methods and channels to defraud businesses
Partner
BY TYPE

Resellers

Elevate your business with exclusive reselling opportunities

MSPs / MSSPs

Unlock powerful email security capabilities for your end clients

Technology Partners

View our industry-leading technology partners

ENGAGE

Become Partner

Apply to become an IRONSCALES partner today

Partner Portal

Check out valuable tools and resources for partners

Become a Partner
Partner with IRONSCALES Today
Pricing
Get a Demo

Get a Demo

CEO Fraud Explained

CEO fraud (commonly referred to as executive phishing or ‘whaling’) is when an attacker successfully impersonates a company executive in order to gain sensitive information or coerce a financial transaction from targeted executives or employees.

These well-planned attacks are specifically selected, coordinated, and socially engineered to appear as if the emails come directly from a corporate executive, such as the CEO, CFO, CIO, or other VIP.

Categorized as a type of business email compromise (BEC), FBI’s IC3 Internet Crime Report 2021 found that CEO fraud has resulted in:

More than a third of all cybercrime
US business losses of $2.4 billion in 2021, 33% more than 2020
Losses of $26 billion between 2013-2019

How does executive phishing work?

CEO fraud/phishing can target anyone with an email account, but those at the highest risk are executives and employees with access to sensitive or financial information. Targets of CEO email fraud may include people in the accounting department with access to bank and credit card information, IT reps with access to networks and passwords, or HR reps with access to employee data.

Fraudsters research corporate websites, records, blogs/articles, social media pages, LinkedIn, and other resources to identify target employees and how they may be coerced. The information gathered through this research is used to fabricate emails that appear to be authentic communications from a company executive.

These fraudulent emails that target high-ranking executives attempt to mimic the tone of the company’s communication style and typically accentuate urgency and confidentiality to motivate the employee to act and respond quickly without much thought or hesitation.

Sometimes, the emails are sent while the executive is known to be out of the office, further reducing the likelihood of the employee walking down the hall to validate the request.

Attackers use various methods to perpetrate CEO fraud, such as:

Spear-phishing - Creating fraudulent emails targeted toward a specific employee with access to sensitive or financial data.
Name Spoofing - Impersonating an executive’s email by using their name in an email address (though, for example, the email domain may be off by a letter). Attackers will also use trusted websites, services, or platforms that have email notification or comment functionality, such as Dropbox, Google Docs, Asana, Trello, or even something like Evite.
Email Spoofing - Manipulating the source (executive) email address so that both the name and email domain appear legitimate to the employee target.
Social engineering – Using various means (often based on information gathered through online research) to trick someone into providing information. Attackers may use a combination of email, texts, or other methods to coerce the employee into thinking they’re communicating directly with a company executive.

How to identify CEO phishing attacks

Executive phishing attacks are substantially more difficult to spot than typical, widely-distributed phishing emails. The request appears to be legitimate and coming from a familiar executive, uses a familiar tone, language, and company references, and, in some cases, may actually be emails from a hacked executive account.

Prepare your employees to watch for and identify CEO fraud (with Phishing Simulations or Security Awareness Training (SAT) tools, if possible). Be cautious of:

Requests for a financial transaction, particularly those that stress urgent, immediate action
Any email that requests sensitive, proprietary information or demands secrecy
Requests for transactions that indicate the sender is unavailable to talk or respond
Spoofed names or email domains (e.g., always check the spelling of the name and the domain)
Reply-to address that may be different from the sent-from address
Requests for payments/transactions that include new accounts
Unfamiliar links in an executive email
Intent and tone of the email - does it sound like your executive?

Here is an example of a CEO fraud email:

CEO Fraud Email Example

How to prevent CEO fraud

Email filters won’t do much to prevent CEO fraud, as the email won’t typically contain a malicious link or attachment, or one that has been seen before. Employee training for recognition and verification is essential for CEO fraud prevention, but it’s also not enough.

A few tips for employees to prevent CEO fraud:

Don’t rush! Don’t be pressured into a quick response just because an executive sends an urgent email. This is the exact intent of the attacker.
Verify any request for a financial transaction or sensitive information.
Independently check bank details for any transaction request to ensure that they are not new or amended.
Carefully manage what you reveal on social media about your company.
Be aware and selective of what information you provide on your website about your suppliers (and what suppliers may have on their site about your company).
Be aware of executive travel schedules, especially if they are using automated out-of-office replies.
Never click on links or attachments from unknown sources.

CEO fraud prevention requires not only a focus on human behavior but also advanced technology.

See below to learn all about IRONSCALES™ award-winning CEO fraud protection tools.

Learn more about enterprise CEO fraud protection from IRONSCALES™

IRONSCALES™ provides mailbox-level fraud and anomaly detection that DMARC-based and conventional Secure Email Gateways (SEG) can't detect. Our CEO fraud solution:

Prevents spoofing by creating a unique sender “fingerprint” for each employee. This is accomplished by analyzing “sent-from” IPs, communication context and habits, and other factors. Any deviation from the norm is detected immediately.
Leverages Natural Language Processing to flag commonly-used BEC language.
Incorporates DMARC, SPF, and DKIM email authentication validation.
Uses AI and machine-learning to continuously study every employee’s inbox and detect anomalies for both email data and metadata.
Automatically quarantines any detected anomaly in real-time, and visually flags the email subject line and body with guidance for the employee (see example below).
Adapts with sophisticated social engineering developments using AI, machine learning, and crowdsourcing techniques.

Get a demo of IRONSCALES™ today! https://ironscales.com/get-a-demo/

Explore Our Platform Tour

Immediately jump into an interactive journey through our AI email security platform.

Begin Tour

Protect Better

Simplify Operations

Empower Your Org

Customers

Case Studies

Reviews

Press

Awards

Press: New Research

Case Study: Webhelp

Awards: INC. 5000

Inbound Email Protection

Account Takeover Protection

Image-Based Attack Protection

SOC Automation

Phishing Simulation Testing

Security Awareness Training

Crowdsourced Threat Intelligence

Collaboration Tool Protection

Adaptive AI Engine

Human Insights

Generative AI

Ecosystem Integrations

USE CASE

BEC & Executive Impersonation

Advanced Malware/URL Attacks

Credential Harvesting

Account Takeover Attacks

QR Code Attacks

Generative AI Attacks

Phishing Simulation Testing

Security Awareness Training

BUSINESS INITIATIVE

BY ROLE

BY PLATFORM

LEARN

Blog

Guides

Glossary

Resource Library

Get Started

Platform Tour

Engineering Corner

CONNECT

Events

LinkedIn

Newsletter

Email Security in the Age of AI

QR Code Phishing

The ABCs of MFA

Phishing Prevention

Spear Phishing

Voice Phishing

BY TYPE

Resellers

MSPs / MSSPs

Technology Partners

ENGAGE

Become Partner

Partner Portal

Become a Partner

What is CEO Fraud?

CEO Fraud Explained

How does executive phishing work?

How to identify CEO phishing attacks

How to prevent CEO fraud

Learn more about enterprise CEO fraud protection from IRONSCALES™

Explore Our Platform Tour

Featured Content

AI in Email Security

Gartner® Email Security Market Guide

Defending the Enterprise from BEC

Schedule a Demo