CEO Fraud
Don't let your business fall victim
CEO fraud — also known as Business Email Compromise (BEC) — is a sophisticated form of social engineering where criminals impersonate a director or senior executive. The goal: trick employees into making urgent, fraudulent payments. The damage can run into millions of euros.
CEO fraud in numbers
2x
Number of cases doubled between 2017 and 2020 — CEO fraud is growing rapidly.
€5.3 bn
Global losses from Business Email Compromise (BEC) — the financial impact is enormous.
65%
Of organisations have experienced BEC attacks — it can happen to anyone.
How does CEO fraud work?
CEO fraud ranges from simple spam emails to highly sophisticated attacks. In the most advanced cases, criminals study your organisation for months: learning names, roles, communication styles, and internal processes.
They then strike with a perfectly crafted message that is nearly indistinguishable from the real thing. In the worst-case scenario, they have infiltrated the network and send the payment request from the CEO's actual email address.
Protect yourself against CEO fraud
With the right procedures and awareness, you can drastically reduce the risk of CEO fraud. Implement these measures today.
Internal double-check
Ensure payments are always verified through two channels. After receiving an email with a payment request, phone approval must be given — using a known internal number.
External double-check
Received an unexpected payment request from an external party? Always call back to verify using a known phone number — never the number in the email.
Train your employees
Ensure everyone checks the sender by default before taking action. Awareness is the first line of defence against social engineering.
Involve your bank
Have international payments automatically intercepted if you don't normally make them. Your bank can set up additional verification steps for unusual transactions.
Affected by CEO fraud?
Have you made a fraudulent payment? Act immediately. The faster you respond, the greater the chance of limiting the damage.
Contact your bank
Call your bank immediately and request that the payment be reversed. For international transfers, this may still be possible up to 24 hours after the transaction.
Engage a security specialist
CEO fraud often indicates that the network has been compromised. Without investigation, you risk follow-up attacks such as ransomware. Have a specialist examine the network.
How Attic protects you
Attic continuously monitors for suspicious activity and compromised accounts in your Microsoft 365 environment. This way we detect CEO fraud before the damage is done.
Protection against phishing
Block the first step of CEO fraud: phishing attacks that steal login credentials. Attic Free warns employees before they log in to fake sites.
Detection of suspicious login activity
Attic Bouncer detects when an account is taken over — for example through an unusual location or device. This prevents attackers from sending emails on behalf of the CEO.
Secure your Microsoft 365 configuration
Attic Fixer checks daily whether your Microsoft 365 settings are securely configured. Reduce the attack surface and make it harder for criminals to get in.
Prevent CEO fraud — start today
Don't wait until it's too late. Protect your organisation with automated monitoring and detection of suspicious activity.