Email Security Intelligence - The Threat of CEO Fraud Extends Beyond the C-Suite

Email risk is at an all-time high for businesses. Threat actors have taken note of the money to be made in this industry, and are devoting more time and resources than ever to crafting highly sophisticated and targeted attack campaigns. CEO fraud is at the forefront of the global email threat landscape, with attacks being reported in all 50 states and in 150 countries. Despite its name, this $26 billion scam is not only a concern for C-suite executives - finance, HR and IT employees and all members of a company’s executive team are also frequent targets in CEO fraud attacks.

What is CEO Fraud and How Does This Scam Work?

CEO fraud - also known as business email compromise (BEC) or whaling - is an email scam in which an organized crime group targets or impersonates a C-level executive within an organization who has access to financial information or other sensitive data. The aim of this malicious scam is to trick an employee into sharing valuable data or conducting a fraudulent wire transfer. So how exactly is this done? Let’s take a closer look at the anatomy of a successful CEO fraud attack:

Step 1: A Target Is Identified

Cyber criminals select a business to target, exploiting information available online in a process known as ‘social engineering’ to profile the company and its C-suite executives. 

Step 2: Preparation

Spear phishing emails coming from a compromised or spoofed executive account are sent to an employee - typically within the finance or HR department - of the target company. Malicious actors employ a combination of deception and pressure to exploit human nature. Because these attacks emphasize confidentiality and urgency, the victim is often inclined to take action without checking to ensure that the request is legitimate.

Step 3: Information Is Exchanged

The victim is convinced that he or she is conducting a valid business transaction, and is provided fraudulent wire transfer instructions by the attackers.

Step 4: Criminals Get Paid

Once the fraudulent transfer is made, funds are directed to a bank account controlled by the threat group.

CEO fraud scams can have severe consequences for businesses of all sizes spanning all industries including financial loss, data theft, significant downtime and serious reputation damage, among others. High-speed trading firm Virtu Financial recently experienced the devastating impact of a successful CEO fraud scam firsthand. The firm disclosed that it paid out $6.9 million as a result of a BEC attack that it suffered in May of 2020. In this malicious attack campaign, a threat actor sat on the company's network for weeks - listening, watching and waiting, then surreptitiously tampering with account settings and sending fraudulent emails. The scam ultimately resulted in a transfer of funds to a Chinese bank - and a huge payday for the attackers.

Who Are the Main Targets in a CEO Fraud Scam?

The name of this email-borne cyber attack can be deceiving, as it implies that CEO fraud is solely a threat to the CEO of a company. However, this could not be further from the truth. There are at least four other groups of employees who are viewed by attackers as valuable targets given their roles and the access they have to sensitive information and funds:


The finance department is an especially popular target in companies that engage in large wire transfers on a regular basis, such as those in the real estate industry. Unfortunately, it is not uncommon for insecure internal policies to solely require an email from the CEO or another C-suite executive to initiate a transfer. As a result, finance employees often do not verify transfer requests they receive.


Human resources presents a great point of entry into a business. After all, HR employees have access to every person within an organization and oversee recruitment. HR employees receive and open thousands of job applications via email. By inserting spyware into a fraudulent application, cyber criminals can gain entry into a company’s systems and surreptitiously sit on corporate networks, gathering sensitive data. Moreover, by targeting HR employees in W2 and PII scams, criminals are often able to gain access to confidential employee information like social security numbers and email addresses.

Executive Team

All members of a company’s executive team are high-value targets for CEO fraud. The majority of these individuals possess some sort of financial authority. If an executive team member’s email account is hacked, cyber criminals are usually able to access a plethora of sensitive information and intelligence, such as insights into deals and business operations.


IT managers and personnel with authority over email accounts, password management and access controls are another high-value target of CEO fraud. If an IT professional’s credentials are compromised, threat actors have ‘hit the jackpot’ - they gain entry to every part of the target organization.

How Can I Protect Against CEO Fraud?

There are various measures that users and organizations should take to prevent CEO fraud attacks. They include protecting corporate email accounts with two-factor authentication (2FA), educating employees on email threats and email security best practices and verifying all wire transfer requests. However, the single most effective method of preventing CEO fraud scams is ensuring that a comprehensive, threat-ready cloud email security solution is in place to fortify business email accounts against sophisticated modern exploits.

Guardian Digital recognizes the importance of safeguarding business email with proactive, layered defenses, and has engineers a innovative solution designed to anticipate and combat the array persistent and emerging attacks that constitute the modern email threat landscape. Through a defense-in-depth approach to security, the use of the transparent, collaborative open-source development model and over two decades of industry experience, Guardian Digital EnGarde Cloud Email Security protects businesses of all sizes in all industries from CEO fraud and other targeted, sophisticated email threats.

EnGarde analyzes hundreds of thousands of attributes of each email that passes through its gateway in real-time, scanning all links and attachments for malicious code and analyzing the reputation of the sender to ensure that only safe, legitimate mail is delivered. 

The fully-integrated, remotely-managed SaaS platform implements multiple layers of advanced email authentication protocols to protect users from CEO fraud, email spoofing and other dangerous impersonation attacks. These protocols help assure that every email that reaches the inbox is from who it says it’s from - not a malicious actor claiming to be the sender. 

Key features and benefits of EnGarde’s protection include: 

  • Keeps organizations ahead of persistent and emerging email threats
  • Protects against phishing, ransomware, CEO fraud and other email-borne exploits
  • Safeguards sensitive data and prevents email fraud
  • Fortifies cloud email against credential phishing and account takeovers
  • Enhanced security through a modern, multi-layered design 
  • Seamless integration with all existing mail systems 
  • Complete end-to-end control of your email infrastructure
  • Simplified administration provides a rapid return on investment (ROI)
  • Premium 24x7x365 customer support services

While it is critical that employees and executives stay alert and educated on the threats that they face online, users cannot be expected to detect today’s advanced email threats without fail - making the implementation of layered, comprehensive defenses more critical than ever in combating CEO fraud and other malicious attacks.

Interested in partnering with an industry leader to safeguard your users, your data and your brand? Let’s get in touch.

Must Read Blog Posts

Latest Blog Articles