Schedule a Demo
Back to Resource Center

What is CEO fraud? And what you can do against CEO fraud as an organization.

What do CEO fraudsters do?

Unfortunately, fraud is common nowadays. Not only individuals but also companies are often the target. A common form of fraud is CEO fraud. In this article, we take a closer look at the characteristics of CEO fraud and how you can prevent this form of fraud.

How does CEO fraud work?

CEO fraudsters abuse authority. For example, the fraudster sends an email on behalf of a high-ranking person within the company. This is where the term CEO fraud comes from. For example, a fraudulent payment order is sent to an administrative employee of your company, in which you request to deviate from the regular payment process because there is an exception or an emergency. The fraudster can also request to change a specific account number. Fraudsters often seek contact by e-mail or telephone.

Image of a drawn hand holding a phone where phising is described

How do criminals carry out fraud?

Cybercriminals often conduct thorough investigations before actually committing fraudulent activities. They often use various techniques, including social engineering. This technique attempts to crack the weakest link (humans) in computer security.


In the case of phishing, cybercriminals try to gather relevant information about your company. These criminals try to trick employees into providing private information via email, text, or phone calls. For example, they may pretend to be a bank or a reputable government agency. Cybercriminals also sometimes build fake websites that look exactly like real websites. Important private data thus gets to the cybercriminals and they can use it to properly execute the CEO fraud attack.

Spear phishing

Spear phishing is a targeted method of phishing that targets a specific company or employee. Spear phishing is therefore more often used by CEO fraudsters. Often, cybercriminals send a message via email from a legitimate sender. They can do this by hacking the email addresses of employees.


Another common method used by cybercriminals is pretexting. The attacker concocts false circumstances to trick the victim into accessing sensitive information or protected systems.

CEO fraud examples

CEO fraud can be recognized by several characteristics. In this section, we discuss some examples of CEO fraud.

Abusing the hierarchy

CEO fraud abuses the authority of a CEO. The fraudster places a payment order with an employee. If this is not paid, the so-called CEO threatens major consequences.

Sometimes the employee also receives compliments from the fraudster. The fraudster indicates that the employee has exceptional qualities and is therefore allowed to carry out the assignment in secret.

Emphasizing Confidentiality

The so-called CEO indicates in this case that this is a confidential transaction and that it may not be shared with anyone within the company. Strict privacy legislation is being abused. The so-called CEO emphasizes that the assignment may not be shared with other colleagues. The main goal is to keep the fraudulent activities secret for as long as possible.

Fake emails

Often the emails are sent with a fake email address. The e-mail address is very similar to the real e-mail address, but often they are slightly different. In some cases, the fraudster may send messages from a verified email address. Through phishing, criminals obtain passwords, which they use to log in to email addresses and then send fraudulent messages.

Protect your company against CEO fraud

It is important to properly protect your company against CEO fraud. Many companies have already become victims of this with often far-reaching consequences. With the tips below you can prevent CEO fraud within your company.

Be alert to irregular payment requests

It is important that employees are alert when dealing with irregular payment requests. Inform all your staff regularly about any fraudulent activities. Clearly indicate where they can go in case of irregular payment requests or other unusual phone calls or requests. New employees must also be informed of this quickly.

Check all payments

It is wise to have unusual payment requests checked by a second person. Despite the fact that not all unusual payment requests are fraudulent, this way you reduce the chance of erroneous transfers to bank accounts of cyber criminals. Although it is an extra step in the business process, in the end it is very valuable.

Be careful when disclosing information about your company

We also advise you to be careful when providing information from the company. For example, it is nice to put information about all employees on your company page, but this can also work to your disadvantage at the same time. This information can be used against your company. For example, it can be misused to create a sense of intimacy. So take a good look at what information you publish about your company in public.


We are always there for you, promise!

Register now for free and never stress about cyber crime again.

Start 14-day free trial

Protect yourself better with a virtual private network

With a virtual private network, you are less visible on the internet. All employees of your company leave traces on the internet. This can also be company-sensitive information. For that reason, it’s not a bad idea to use a VPN. This is an encrypted connection between your computer and the internet. With a VPN connection, you can access the internet anonymously.

What should you do if your company is a victim of CEO fraud?

Has your company unexpectedly fallen victim to CEO fraud? Then it is important to take action as quickly as possible. Notify your bank’s cyber department as soon as possible. In some cases, a transaction can still be canceled. Also, contact the police and the fraud helpdesk.

It is also wise to take action within the company itself. Notify all staff of the circumstances and schedule an emergency meeting. It is then important to take measures to prevent more fraudulent activities.

Do you also want to be better protected against CEO fraud? Sign up now for the free 14-day trial at Guardey.

We are always there for you, promise!

Register now for free and never stress about cyber crime again.

Start 14-day free trial

Frequently Asked Questions

What is gamification?

Gamification is adding game elements into non-game environments, such as security awareness training, to increase participation and foster active learning.

What are the benefits of gamification in security awareness training?

Traditional security awareness training can often be dry and boring. With gamification, the complex subject matter is transformed into an engaging and memorable experience.

By integrating game elements such as challenges, quizzes and rewards, it incentivizes users to actively learn. This makes the training more enjoyable and fosters a sense of competition and achievement. This combination drives better retention and application of cyber security knowledge.

Why is it important to train security awareness on a weekly basis?

Research shows that up to 90% of the learnings from yearly or even quarterly training are forgotten within a few weeks. Guardey was built to keep its users aware of cyber threats 365 days a year. The game comes with short, weekly challenges that slowly builds up the user’s knowledge and eventually drives lasting behavior change.

Which topics are covered in Guardey’s security awareness game?

Guardey covers a wide array of topics to train users about all currently relevant cyber threats, put together in collaboration with ethical hackers and educationalists. The topics covered include phishing, remote work, password security, CEO fraud, ransomware, smishing, and much more.

How much time do the weekly challenges take?

Every challenge takes up to three minutes to complete.

Can I use Guardey to comply with the ISO27001, NIS2, and GDPR security awareness policies?

Yes. ISO27001, NIS2, and GDPR all require that all employees receive appropriate security awareness training. Guardey is always up-to-date with the latest cyber threats, policies, and procedures.

Is security awareness training important for all employees, or just specific roles?

Cybersecurity awareness training is crucial for all employees, not just specific roles. Every staff member can potentially be a target or an unwitting entry point for cyber attacks. Training helps create a security-focused culture and minimizes risks for the entire organization.

While certain roles may require specialized training, a foundational level of training should be accessible to everyone.

In which languages is Guardey available?

Guardey is available in English, Dutch, Italian, French, Spanish, German, Polish, Swedish and Danish.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk CTA Guardey website

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial