← All articles

CEO fraud and Business Email Compromise, explained

GottaPhish Team · May 20, 2026

Some of the costliest scams don't involve viruses or hacking at all. They rely on a simple trick: convincing an employee that an urgent request is coming from a trusted boss or supplier. This is known as CEO fraud, or more broadly Business Email Compromise (BEC).

What is CEO fraud and BEC?

Business Email Compromise is a scam where a criminal impersonates someone your company trusts — a senior manager, a supplier, a lawyer, or a colleague — to trick an employee into transferring money or sharing sensitive information.

CEO fraud is a well-known version of this. The scammer pretends to be the chief executive or another senior leader and asks a member of staff — often in finance or HR — to make an urgent payment or send confidential data.

Unlike mass phishing, these attacks are targeted and personal. There's usually no dangerous link or attachment, which is exactly why they slip past spam filters and catch people off guard.

How the scam usually unfolds

The criminals often do their homework first, reading public information from your website, social media, and press releases to sound convincing. A typical attack looks like this:

The pressure to please a senior leader, combined with a tight deadline, is what makes this scam so effective.

Common variations

Warning signs

You can catch most of these attacks by pausing on a few details:

Simple habits that stop it

Technology helps, but good habits are your strongest defence:

If something feels wrong

Trust your instincts. It's completely acceptable to pause a payment and confirm before acting. If you suspect a scam, contact your finance and IT teams straight away — and if money has already been sent, alert your bank immediately, as fast action can sometimes recover the funds.

How GottaPhish helps

CEO fraud and BEC rely on urgency and impersonation to push employees into authorising payments before they verify — and GottaPhish, together with our expert support team, helps you address exactly that. Our realistic simulations recreate the urgency and impersonation tactics criminals actually use, so employees learn to pause and verify before acting, backed by practical awareness training and dashboards that show where your organisation is most exposed. Our support and experts team works hands-on with you to design believable scenarios, set up campaigns, and interpret the results, turning a costly blind spot into a confident, well-prepared team.