CEO Fraud Skyrockets 270%

The FBI has issued an alert, warning about a dramatic increase in CEO-fraud email scams: To the tune of a 270% increase.

This alarming global epidemic, otherwise known as “whaling,” involves attackers posing as a top company exec in order to trick employees into wiring funds to a scammer bank account—or releasing sensitive information, like W-2 tax forms. The FBI estimates that these scams have cost organizations more than $2.3 billion in losses over the past three years.

“The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney or trusted vendor,” the alert warns. “They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.”

Victims range from large corporations to tech companies to small businesses to non-profit organizations. Many times, the fraud targets businesses that work with foreign suppliers or regularly perform wire transfer payments. From October 2013 through February 2016, law enforcement received reports from 17,642 victims. Law enforcement globally has received complaints from victims in every US state and in at least 79 countries.

Rohyt Belani, CEO and co-founder of PhishMe, said that even cybersecurity companies aren’t immune. PhishMe’s VP of finance received this exact type of CEO-fraud email scam last year, where an email appeared to be from Belani, requesting a wire transfer. In that case, the effort failed.

Obviously, if employees are unsure of the legitimacy of a transfer request, they should contact IT and confirm verbally or outside of email with that executive or vendor for verification before proceeding.

Jonathan Sander, vice president at Lieberman Software, pointed out that leadership has a role to play too.

“There is a question of how much power employees have to cause damage, and there is also a question of how executives expect to be able to give directions,” he said. “In several of the cases where these fake CEO emails prompted employees to do the wrong thing, the first thing that occurred to me was that the employee should never have been able to simply email out so much data. The employee shouldn’t have been able to access that much data without some sort of oversight kicking in. The fact that a single employee, for any reason, could grab so much data and simply send it to anyone, regardless of who they think that person is, is a scary prospect when you stop to think about it.”

Infosecurity:

« Russia Blamed For Swedish Air Traffic Hack
Chinese Whistleblower Sentenced To Death For Leaking State Secrets »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

National Cybersecurity and Communications Integration Center (NCCIC) - USA

National Cybersecurity and Communications Integration Center (NCCIC) - USA

NCCIC is a cyber situational awareness, incident response, and management center for the US Government, intelligence community, and law enforcement.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Conviso

Conviso

Conviso is a consulting company specialized in Application Security and Security Research.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Execweb

Execweb

Execweb are a cybersecurity executive network, comprised of 400+ security practitioners who work at Fortune 500 and SME companies.

Fulcrum Technology Solutions

Fulcrum Technology Solutions

The Fulcrum team of technologists are recognized experts in the fields of IT Infrastructure Technology, Security, Service Management and Support.

Stratascale

Stratascale

Stratascale is a consultant, systems integrator, and technology advisor with expertise in Automation, Cloud Ascension, Cybersecurity, Data Intelligence, and Digital Experience solutions.

Robust Intelligence

Robust Intelligence

Robust Intelligence enables enterprises to secure their AI transformation with an automated solution to protect against security and safety threats.

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.