CEO fraud against enterprises and associations

CEO fraud occurs when perpetrators, acting in the name of the CEO, instruct the accounting or finance department to make a payment to the (typically foreign) account of the scammers. Generally, the instruction is sent from a spoofed email address, but there have also been cases in which compromised genuine email addresses were used. The reasons given for the payment instruction vary, but the payment is usually claimed to be urgent and extremely sensitive (for example, an acquisition). A consultant or a bogus or compromised law firm is often also part of the scenario. The attackers know exactly how to use a supposedly urgent situation to put pressure on the employees in question so that they make the payment while circumventing any procedural requirements.

In the past, typo domains have also been frequently used for fraudulent email communication. In these cases the attackers buy a domain which differs only slightly from the domain of the sender they are impersonating, so that the victim does not notice the difference. This allows the attackers to communicate with the victim without having access to anyone's email accounts.

Social networks are a gold mine for obtaining initial information about the company. LinkedIn is especially interesting for scammers because profiles contain information on business relationships or the identity and function of employees. Commercial registers or even company websites may provide useful information too. If the requisite information is not available online, the scammers make contact by phone to obtain it. There have also been cases in which a fax with the official letterhead of a public administration was sent to obtain the company's information. The desired data mainly includes the email addresses of employees in the accounting department whom the scammers target to make the payments in the end. Using the information from these initial contacts, targeted emails are then sent containing details that are plausible for the company in question.
Scammers mainly use domain names similar to a company's to send out emails that may at first glance appear authentic. Using email addresses from these domains, the scammers want to trick recipients into believing that the emails come from real companies.
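The look-alike domains described in the two passages above can be screened for at the mail gateway. The following is an added example and not code from the original page or its publisher; the company domain, the homoglyph table and the sample From: headers are constructed placeholders.

```python
# Added example: flag inbound sender domains that resemble the company's own
# domain (typo domains). COMPANY_DOMAIN and SAMPLE_FROM are constructed
# placeholders, not values from the original page.
import re

COMPANY_DOMAIN = "example-corp.com"  # placeholder for the defended domain

# Characters attackers commonly swap for visually similar ones (illustrative,
# not exhaustive); folding them lets "examp1e" match "example".
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w", "5": "s"}


def normalize(domain: str) -> str:
    """Lower-case a domain and fold common look-alike characters."""
    d = domain.lower()
    for src, dst in HOMOGLYPHS.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain part of an address such as 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", address)
    return m.group(1).lower() if m else ""


def is_lookalike(address: str, company: str = COMPANY_DOMAIN, max_dist: int = 2) -> bool:
    """True if the sender domain is close to, but not identical to, ours."""
    dom = sender_domain(address)
    if not dom or dom == company:
        return False  # our own domain (or a malformed header) is not a look-alike
    return levenshtein(normalize(dom), normalize(company)) <= max_dist


def suspicious_senders(headers: list) -> list:
    """Return the From: values that use a look-alike domain."""
    return [h for h in headers if is_lookalike(h)]


# Constructed sample From: headers, not taken from the original page.
SAMPLE_FROM = [
    "CEO <ceo@example-corp.com>",     # genuine
    "CEO <ceo@examp1e-corp.com>",     # digit one in place of the letter l
    "CEO <ceo@example-corp.co>",      # dropped final letter of the TLD
    "CEO <ceo@exarnple-corp.com>",    # "rn" in place of "m"
    "Vendor <billing@supplier.net>",  # unrelated, legitimate
]
```

Tune `max_dist` to the length of your own domain and pair the check with an allowlist of known partners, since a fixed threshold over-flags very short domains. The check does not help when the scammers spoof or compromise the genuine domain, which is the case sender authentication (SPF, DKIM, DMARC) is meant to cover.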

Effects and risks

  • Deception
  • Loss of considerable sums of money

It is virtually impossible to prevent fraudulent emails of this kind from being sent. The scammers conceal their identity and background and can change addresses at any time as needed. The most important recommendation for prevention is therefore to raise employees' awareness, especially in positions such as accounting and finance that are targeted by this type of fraud. The following basic rules should be observed:

  • Do not give out information to unusual or dubious contacts, and do not follow any instructions in such cases even if under pressure.
  • All companies should check what information about the company is available online.
  • Procedures should be defined that all employees have to follow at all times. We recommend requiring collective signatures for money transfers.

Specialist staff
Last modification 04.07.2019