CEO Fraud Scam

Quick verdict

  • Risk level: High risk
  • Scam type: Business email compromise scam
  • Main red flag: A senior figure emails you with an urgent, secret request to buy gift cards or send a wire transfer, and discourages you from checking with anyone.
  • What to do first: Do not act on the request yet. Verify it by calling the person on a known number or speaking to them in person, never by replying to the email.

What this scam usually looks like

CEO fraud, a form of business email compromise, involves a scammer pretending to be a senior leader and pressuring an employee to move money or buy gift cards quickly and quietly. The email often mimics the executive's name and writing style, claims they are busy or travelling, and stresses secrecy. Because it exploits authority and urgency, even careful staff can be caught out. Slowing down and verifying any unusual payment request through a known channel is the most reliable defence.

Example message pattern

Example pattern — not a real report
Example pattern: "Are you at your desk? I'm in a meeting and need you to handle something urgently and discreetly. Buy four gift cards and send me the codes. I'll explain later. Don't call, just email me back. Sent from my iPhone."

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • An urgent request to buy gift cards, send a wire transfer, or pay an unfamiliar invoice arrives by email from a senior person.
  • The message stresses secrecy and asks you not to discuss it with colleagues or follow the usual approval process.
  • The sender claims to be unreachable by phone, in a meeting, or travelling, which conveniently blocks verification.
  • The reply-to address or sender domain is slightly altered, with an extra letter or a public email service instead of the company one.
  • The tone leans heavily on authority and pressure, expecting you to act fast because of who is supposedly asking.
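
The sender and wording checks from the red-flag list above can be automated in a mail filter or triage script. The following is an added example, not part of the original page: the company domain `example.com`, the free-mail list, the phrase list and the sample message are constructed assumptions, and only plain-text (non-multipart) messages are handled.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the page): company domain, free-mail list, phrase list.
COMPANY_DOMAIN = "example.com"
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
PRESSURE = re.compile(r"\b(urgent(ly)?|discreet(ly)?|confidential|gift cards?|wire transfer|don'?t call)\b", re.I)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-letter domain changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_flag(addr: str, label: str) -> list[str]:
    """Flag a public email service or a near-miss of the company domain."""
    domain = addr.rpartition("@")[2].lower()
    if not domain or domain == COMPANY_DOMAIN:
        return []
    if domain in FREEMAIL:
        return [f"{label} uses public email service {domain}"]
    if edit_distance(domain, COMPANY_DOMAIN) <= 2:
        return [f"{label} domain {domain} resembles {COMPANY_DOMAIN}"]
    return []

def red_flags(raw: str) -> list[str]:
    """Return the red flags found in one raw plain-text email."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    flags = domain_flag(from_addr, "From") + domain_flag(reply_addr, "Reply-To")
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("Reply-To differs from From")
    hits = sorted({m.group(0).lower() for m in PRESSURE.finditer(msg.get_payload())})
    if hits:
        flags.append("pressure wording: " + ", ".join(hits))
    return flags

# Constructed sample, modelled on the fictional pattern on this page.
SAMPLE = """From: "Jane Doe (CEO)" <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@gmail.com

Are you at your desk? I need you to handle something urgently and discreetly.
Buy four gift cards and send me the codes. Don't call, just email me back.
"""
if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

A clean result does not clear a message: a request sent from a compromised real mailbox passes the address checks, so verification through a known channel still applies.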

What to do

  • Verify any unusual payment or gift card request by contacting the person directly on a phone number you already know, not one from the email.
  • Check the sender's full email address carefully for small changes to the spelling or domain.
  • Follow your organisation's normal approval steps for payments, even when the request seems to come from the top.
  • Report the email to your finance and security teams so they can warn others, as these campaigns often target several staff.

If you already clicked or replied

  • If you already sent a wire transfer, contact your bank immediately and ask whether the payment can be recalled or stopped.
  • If you bought gift cards and shared the codes, report it to the card issuer at once, as some balances may still be frozen.
  • Tell your manager, finance team, and security team straight away so they can act and check for related messages.
  • Preserve the email and any messages as evidence, and report the incident to the relevant fraud reporting service in your country.

What not to do

  • Do not buy gift cards or send money based on an email alone, no matter how senior the sender appears.
  • Do not bypass normal approval steps because a message claims the matter is urgent and confidential.
  • Do not verify the request by replying to the same email, as that reaches the scammer rather than your boss.

Frequently asked questions

Why would a real executive ask for gift cards?
Genuine business expenses are rarely paid with gift cards, because the codes are hard to trace and almost impossible to reverse. A request for gift cards from a leader is a strong sign of business email compromise.

The email address looks exactly right. Could it still be fraud?
Yes. Scammers can spoof a display name or even gain access to a real mailbox. Verifying the request through a separate, known channel is safer than trusting the address alone.

What if my boss really is unreachable and the request seems genuine?
A genuine leader will understand a short delay to confirm an unusual payment. It is reasonable to wait until you can verify, or to escalate to another manager or your finance team.

How can my workplace reduce this risk?
Clear payment approval rules, a habit of verifying unusual requests by phone, two-factor authentication on email, and regular staff awareness all make these scams much harder to pull off.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.