CEO Fraud
Also known as executive impersonation, and often loosely called whaling. A scammer poses as your CEO or CFO and pressures finance staff into making an urgent payment. Because the request appears to come from the top, no one questions it.
Sources: ASD Annual Cyber Threat Report FY2023-24, ACCC Scamwatch
What is CEO fraud?
CEO fraud is a targeted form of business email compromise where a scammer impersonates a senior executive to request an urgent payment. The "request" appears to come from the CEO, CFO, Managing Director, or another C-suite leader, and it typically lands in the inbox of a finance manager or accounts payable team member.
What makes CEO fraud different from general BEC is the authority dynamic. Most employees won't question a direct request from the boss. Scammers know this and exploit it ruthlessly. They create urgency ("this needs to go out today"), demand secrecy ("don't discuss this with anyone yet"), and pressure compliance through the chain of command.
It's often called whaling, although strictly that term describes phishing aimed at the executives themselves (the "big fish"); in CEO fraud the executive is the person being impersonated and finance staff are the target. Unlike fake invoice scams that blend into routine processing, CEO fraud demands a specific, often large, one-off payment. And because it comes from "the top," it frequently bypasses every approval process your business has in place.
In Australia, self-reported BEC losses reached almost $84 million in FY2023-24 according to the ASD report cited above. CEO fraud accounts for a significant share of the highest-value incidents, where single payments of $100,000 or more are not uncommon.
How CEO fraud works
CEO fraud is researched and deliberate. The scammer studies your organisation before making their move.
Research the target
The scammer studies your company's leadership, org chart, and communication style. LinkedIn, your website, press releases, and social media all provide the names, titles, and relationships they need. They learn when the CEO is travelling, in meetings, or on leave.
Spoof or compromise the executive's email
They either compromise the executive's real mailbox, register a lookalike domain (e.g. ceo@company-group.com instead of ceo@companygroup.com), or simply spoof the display name so that "Jane Citizen" appears in the From line while the underlying address is a free webmail account. Spoofed messages often carry a Reply-To header pointing at a mailbox the scammer controls, so any reply goes to them rather than to the real executive.
Send the urgent payment request
The scammer contacts the finance team with an urgent, confidential payment request. Common scenarios: 'We're closing an acquisition, wire $150K today,' or 'I need this supplier paid before end of day, I'll explain later.' The tone matches the executive's style.
Authority overrides process
The finance team member wants to follow procedure but feels pressure from 'the boss.' They process the payment. The money lands in the scammer's account and is withdrawn immediately. By the time the real CEO is contacted, it's too late.
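The three spoofing techniques above, together with the pressure phrases listed under warning signs below, leave mechanical tells in the message headers and body that a mail gateway or a triage script can screen for before a human is pressured. The following is an added example written for this page; it is not code from the page or from ezyshield. The corporate domain, the executive names, the homoglyph table and the sample messages are all constructed for the example.

```python
"""Screen inbound mail for executive-impersonation tells.

Flags raised:
  display_name_spoof  an executive's name in From:, but the address is not on the corporate domain
  lookalike_domain    sender domain is a near-miss of the corporate domain
  reply_to_mismatch   Reply-To routes replies to a different domain than From
  pressure_language   urgency / secrecy / bypass phrasing typical of CEO fraud
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed values for the example: a fictional corporate domain and executive list.
CORPORATE_DOMAIN = "companygroup.com"
EXECUTIVES = {"jane citizen", "tom nguyen"}  # display names, lower-cased

# Pressure phrases drawn from the warning signs on this page.
PRESSURE_PATTERNS = [
    r"\btoday\b", r"\bend of (the )?day\b", r"\burgent", r"\bbetween us\b",
    r"\bdon'?t (discuss|mention|tell)\b", r"\bexplain later\b", r"\busual process\b",
]

# Substitutions seen in lookalike registrations (assumed list, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short domain names, so no optimisation."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical(domain: str) -> str:
    """Lower-case, drop hyphens and map homoglyphs so that company-group.com,
    cornpanygroup.com and c0mpanygroup.com all collapse onto the real domain."""
    d = domain.lower().replace("-", "")
    for bad, good in HOMOGLYPHS.items():
        d = d.replace(bad, good)
    return d


def is_lookalike(domain: str, legit: str = CORPORATE_DOMAIN) -> bool:
    """True for a domain that is not `legit` (or a subdomain of it) but looks like it."""
    domain = domain.lower()
    if domain == legit or domain.endswith("." + legit):
        return False
    if canonical(domain) == canonical(legit):
        return True
    return levenshtein(domain, legit) <= 2  # catches companygroups.com, companygrouр.co


def screen(raw: bytes) -> list[str]:
    """Return the list of flags raised by one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    display = re.sub(r"\s+", " ", name).strip().lower()
    if display in EXECUTIVES and from_domain != CORPORATE_DOMAIN:
        flags.append("display_name_spoof")
    if is_lookalike(from_domain):
        flags.append("lookalike_domain")

    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        flags.append("reply_to_mismatch")

    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    if any(re.search(p, text) for p in PRESSURE_PATTERNS):
        flags.append("pressure_language")
    return flags


# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": (b"From: Jane Citizen <jane.citizen@companygroup.com>\n"
              b"To: ap@companygroup.com\nSubject: Q3 board pack\n\nAttached for review.\n"),
    "lookalike": (b"From: Jane Citizen <jane.citizen@company-group.com>\n"
                  b"To: ap@companygroup.com\nSubject: Urgent wire\n\n"
                  b"We're closing an acquisition, wire $150K today. Keep this between us for now.\n"),
    "webmail": (b"From: Jane Citizen <janecitizen.ceo@gmail.com>\n"
                b"Reply-To: jc.office@outlook.com\nTo: ap@companygroup.com\n"
                b"Subject: Supplier payment\n\nI need this paid before end of day, I'll explain later.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:10} {screen(raw) or 'clean'}")
```

The flags are deliberately independent: a genuine message from the real executive raises none, while the webmail case is caught by the display name and the Reply-To even though the sender domain is not a lookalike of anything. None of these checks should block mail on its own; they are the signals that justify the out-of-band phone call to the executive that the warning signs below describe.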
Warning signs of CEO fraud
CEO fraud relies on pressure and authority. These are the patterns that should trigger a pause.
Unusual urgency from leadership
"This needs to happen today." Real executives rarely demand same-day payments with no prior context.
Requests for secrecy
"Keep this between us for now." Legitimate transactions don't require secrecy from your own finance team.
CEO is "unavailable" for verification
The executive is conveniently in a meeting, on a flight, or overseas and can't be reached by phone. Scammers time requests for when the real person is genuinely away.
New or unfamiliar bank details
The payment is going to an account your business has never used before. No existing supplier relationship, no prior history.
Request bypasses normal approval
"Don't put this through the usual process." Any request to skip approvals should be treated as a red flag, regardless of who it appears to come from.
Tone doesn't quite match
Subtle differences in language, greeting style, or formality. The scammer has studied the executive's communication, but small tells often remain.
How ezyshield prevents CEO fraud
CEO fraud works because authority overrides verification. ezyshield makes verification independent of authority. It doesn't matter who requests the payment. The payee still has to check out.
Verify the payee, not the requester
ezyshield checks the person receiving the payment: their identity, ABN, and bank account ownership. Who asked for the payment is irrelevant to verification.
Authority can't bypass verification
No internal request, regardless of seniority, can skip the verification step. The system enforces the check before money moves.
Immutable audit trail
Every verification is logged. If a CEO fraud attempt is made, the audit trail shows the payment was blocked because the payee failed verification.
Frequently asked questions
What is CEO fraud?
How is CEO fraud different from regular BEC?
How much does CEO fraud cost Australian businesses?
How can I protect my business from CEO fraud?
Related content
Business Email Compromise
CEO fraud is a specialised form of BEC. Understand the broader threat.
THREAT: Payment Redirection Fraud
How scammers redirect legitimate payments to fraudulent accounts.
THREAT: Insider Threats
When the threat comes from inside your organisation.
LEARN: AP Fraud Prevention
Protect your accounts payable team from CEO fraud and other threats.
Authority shouldn't override verification
ezyshield verifies every payee independently. It doesn't matter who requests the payment. The account still has to check out.