Fraud Alert – CEO Fraud

Irish businesses have been targeted by fraudsters using bogus emails that claim to be from a senior member of staff within the organisation requesting an urgent payment or electronic transfer be made outside of normal procedures or trading patterns.

Key Details – how does the scam work?

  • A member of staff in the finance or accounts department receives an email claiming to be from a senior member of staff within the organisation, whether Director, CEO, Chairman etc., requesting an urgent payment be made outside of their normal procedures due to exceptional circumstances.
  • The email appears to be genuine because the address in the “From” box reflects the genuine email address of the senior member of staff. The recipient, believing the email is genuine, arranges for the payment to be made through their preferred payment method, but to a different account or bank from the one to which payment is normally made. In reality the payment has been made into the fraudster’s account, from where the money is quickly withdrawn or transferred.

There are two methods which the fraudster could use to facilitate this type of fraud attempt:

  • Email Spoofing – Using technical know-how, social engineering or malware, the fraudster is able to construct an email that appears to have come from another source, whilst disguising their own email address. Hovering the cursor over the name in the “From” box will not reveal the true email address in these cases, so the email appears genuine. The difference in the spoofed email account is very subtle and can easily be mistaken for the legitimate email address.
  • Hacked Email Accounts – The fraudster hacks into the victim’s email account and starts issuing emails in the victim’s name, including payment requests to banks or work colleagues. Customers that are more vulnerable to this type of attack are normally users of free email services such as Gmail, Hotmail and Yahoo etc.
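
As an added illustration (not part of the BPFI alert), the Python sketch below checks a message's headers for signs of the spoofing described above: a reply or bounce address that does not match the "From" address, a domain that differs only subtly from the organisation's own, and failed sender authentication. The domain names, the sample message and the function names are constructed for the example, and the Authentication-Results header is assumed to have been added by the organisation's own receiving mail server.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "acme-finance.example"  # assumption: the organisation's real domain

# Constructed sample: genuine-looking From, replies diverted to a lookalike domain.
SAMPLE = """\
From: "Mary Byrne (CEO)" <mary.byrne@acme-finance.example>
Reply-To: mary.byrne@acme-flnance.example
Return-Path: <bounce@mailer.invalid>
To: accounts@acme-finance.example
Subject: Urgent payment - confidential
Authentication-Results: mx.acme-finance.example; spf=fail smtp.mailfrom=mailer.invalid; dmarc=fail header.from=acme-finance.example

Please transfer the funds today. Do not discuss this with anyone.
"""

def domain(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot subtly altered domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def spoofing_flags(raw, org_domain=ORG_DOMAIN):
    msg = message_from_string(raw)
    from_dom, flags = domain(msg["From"]), []
    for header in ("Reply-To", "Return-Path"):
        d = domain(msg[header])
        if d and d != from_dom:
            flags.append(f"{header} domain differs from From: {d}")
    for d in sorted({from_dom, domain(msg["Reply-To"])}):
        if d and d != org_domain and edit_distance(d, org_domain) <= 2:
            flags.append(f"lookalike of {org_domain}: {d}")
    # Only trust this header when your own mail server stamped it.
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            flags.append(f"{check} failed")
    return flags
```

A message sent from a genuinely hacked account passes all of these checks, so header inspection complements the verbal confirmation recommended in this alert and does not replace it.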

Red Flags – what to look out for:

  • Any payment request that is outside of normal policy or process, especially if received by email.
  • Any urgent or confidential request not respecting the standard working procedure or trading patterns.
  • Any unusual payment request such as transfer of high amounts to an unknown or foreign account or to a country where the company has no market relations.


  • Businesses should have a specific documented internal process for the arrangement and authorisation of payments.
  • Any requests outside of that procedure, especially if received by email, should be regarded as suspicious.
  • For such requests, verbal contact should be made with the person sending the email, using a known contact number from the company’s internal records, to confirm the request.
  • Businesses should strengthen their passwords for access to their email accounts, to include a mixture of lowercase and uppercase letters, numbers and special characters, e.g. $&, etc.
  • Businesses should avail of password manager applications and use passphrases instead of passwords.

This is a general notice issued by the Financial Crime and Security Department of BPFI on behalf of BPFI members.

Disclaimer Note: The information contained in this Fraud Alert/Advisory is for general guidance and for information purposes only and is intended to enhance awareness and vigilance regarding this fraud.