employee sitting at his work desk

CEO fraud: How to protect your organisation from fraudsters

What is CEO Fraud?

CEO fraud, also known as Business Email Compromise (BEC), is a type of fraud that is enabled via social engineering. Social engineering is the manipulation of situations and people that results in the targeted individuals divulging confidential information. Fraudsters pretend to be a senior manager – often the CEO – in order to persuade a staff member to make a payment.

How does CEO fraud happen?

CEO fraud is a request, often made via email, purporting to come from a senior person in the company, normally to the accounts department, requesting an urgent payment to a supplier or partner.

The fraud attempt sometimes occurs when the senior person is out of the office, and the request may outline that the transaction is confidential and sensitive in order to discourage further verification.

For instance, the fraudster may try to convince the victim that their company is about to acquire another business, and the payment is needed as a down-payment for the confidential deal.

Be more like Derek – an office legend

Derek has become an office legend simply by spotting scams and, in turn, saving his company big money. Want to know how he does it?

How can I help to prevent CEO fraud? A checklist:
  • Any payment requests with new or amended bank details received by email, letter or phone should be independently verified. This includes internal emails from senior management that contain payment requests. Fraudsters can spoof email addresses to make them appear to be from a genuine contact, including someone from your own organisation.

  • Don’t be pressured by urgent requests, even if they appear to originate from someone senior – remember this is a common tactic adopted by fraudsters.

  • Be cautious of how much information you reveal about your company and key officials via social media platforms and out-of-office automatic replies.

  • Consider removing information such as testimonials from your own or your suppliers’ websites or social media channels that could lead fraudsters to knowing who your suppliers are.

  • Regularly conduct audits on your accounts

  • Make all staff aware of this type of fraud, particularly those that make payments. 
  • Ensure warning messages are understood and that appropriate checks, actions and processes are followed to ensure requests are genuine.

A CEO fraud case study

A client received an email purporting to be from the Financial Director instructing that 50% of an invoice be paid to an account. The payment of £75k required approval and was held for security checks by Barclays’ fraud prevention team.

When contacted by Barclays, the client confirmed the payment was genuine and it was released.

The client then received a second email which appeared to be genuinely from the Financial Director requesting the remaining 50% be paid to a different bank account. This payment was not held for any security checks.

The fraud was discovered when the genuine beneficiary reported that they had not received their payment. The client informed them of the bank accounts they had paid, and the supplier advised that the accounts did not belong to them.

It was not the client’s policy to verbally confirm payment instructions of this type as it appeared to be an internal email. The client believes that the email account belonging to the Financial Director had been compromised and reported it to their IT department for further investigation.

The fraudsters had moved the money before the alarm was raised, leaving only a small amount available for recovery.

What to do if you suspect you’ve fallen victim to impersonation fraud

If you believe you’ve fallen victim to a CEO fraud attack, contact us immediately. Our team will try to recover the money from the fraudster’s bank account. The quicker you alert your bank, the greater the chance of recovering the funds.

Report it to ActionFraud – the police’s national fraud and cyber crime reporting centre. Even if you’ve not suffered any financial loss, this will allow the police to analyse trends and help them to prevent fraudsters exploiting other companies. You can file a report via their website at www.actionfraud.police.uk^.

If you receive a suspicious email that appears to be from Barclays, please forward it to internetsecurity@barclays.co.uk and then delete it from your email account immediately.

If you have any queries, please speak to your Relationship Director.

If you fall victim to fraud on your Barclays payment channels, call the Online Fraud Helpdesk immediately on: 0330 156 0155*

Fraudulent attacks, even if unsuccessful, should be reported to Action Fraud by calling 0300 123 2040.

Where to next

Fraud Protection

Fraud Protection

Head back to our dedicated hub for the latest fraud trends and useful resources to help protect your business from cyber criminals.


Invoice fraud

What is invoice fraud? This involves criminals impersonating your suppliers and sending fake invoices, or intercepting and changing genuine ones.

Latest insights