Accept the use of cookies

We use cookies to improve your browsing experience, serve personalized content, and analyze our traffic.


Print Options
man sitting at a desk looking at a screen in the dark
Scam Prevention
Canadian Bankers Association

Learn how to spot and protect your business against the CEO scam

Link Copied
Summary Points

Article

Email scams have been around since we were first able to type and click to send a message over the Internet. What’s changed is spammers’ ability to target their scams to increase the chances you, or your employees, will be tricked into sending money or financial information.

Sometimes called spear phishing since unlike typical phishing, scammers don’t cast a wide net but rather target their efforts on a specific individual within an organization, the “CEO scam” is estimated to have netted several billion dollars in funds to date. Here’s how you can spot it and what to do if it happens to you or your business:

How to spot the CEO scam

Typically the fraudster will send an email impersonating a company executive’s email address, such as the president or the CFO, to individuals working in the accounting or finance department. The email will look like it comes from the senior executive and attempt to trick the employee into wiring money to a third party, and include language making the request sound urgent and highly confidential. The email address can look authentic too, since scammers are registering domain names that look very similar to the target domain such as @yourcompany1.com instead of your real company domain of @yourcompany.com. And scammers can look up company execs and use their real names to make the emails even more convincing.

For example, the accounting department might receive an email that looks like it’s from their Chief Financial Officer, Tim Smith - tim.smith@yourcompany1.com - instructing them to wire $55,000 to a specific account and that the request is urgent. The email also tells them to only communicate through email so as not to infringe on “capital markets regulations” or something similar. The scammer will often follow up asking for an update on the transfer and reemphasizing the urgency of the request.

How to avoid being scammed

  • Educate your employees about this scam and tell them to be skeptical of urgent or suspicious requests made by email. Encourage them to communicate with their manager if they feel a request seems unusual.
  • If you, or your employees, have any doubts about an email that looks like it is from someone at your company, contact them directly by phone before responding to ensure the request is legitimate.
  • Have policies and controls in place requiring more than one officer to approve fund transfers.
  • As a business owner, be careful what you share on social networking sites. Fraudsters can use these sites, and your website, to glean information about you that they can repurpose to target your company.

Sign up for the CBA’s Fraud Prevention newsletter to receive regular updates about frauds and scams and how to protect your money.

Related Articles
Computer-generated image showing a mobile phone with some bank related icons on its screen
May 27, 2025
Choosing the right bank account
Read More
March 21, 2025
A Detailed Prescription: CBA's Blueprint for Canadians’ Prosperity and a Thriving Economy
Read More
group of people with hands up in the air ready to ask questions
June 27, 2024
Banks’ public accountability statements
Read More
November 14, 2023
Remarks on the Pre-Budget Consultation to the Standing Committee on Finance
Read More