The Top 4 CEO phishing email examples

CEO phishing email examples

Last modified on March 26th, 2024

You don’t have to go far to find CEO phishing email examples – they, and the stories of their victims – are all over the internet. In fact, this type of scam targeted at least 400 firms in the US every day. It generated losses of over $50 billion in total for 2022.

Learn about the four most common examples of CEO phishing emails, and how to spot the red flags for these attacks. Protect your organization from both financial and reputational damage, and prevent CEO phishing with Trustpair’s automatic vendor account monitoring. Request a demo now!

New call-to-action

False invoice payments

The first example of CEO fraud, a form of business email compromise (BEC), involves a request for a bank or wire transfer to pay a false invoice.

In this example, the attacker impersonates the CEO or another senior executive within the company and typically targets a member of staff within accounts payable. This target has the authority to make invoice payments.

The fraudster might exclaim that the company is already late on the payment, and will request urgency from the employee. This wire transfer scam involves emotional manipulation in the form of social engineering. It relies on the target placing high levels of trust in their CEO, and uses personal touches to convince the target to make the payment.

Moreover, the urgency techniques place more pressure on the employee to make the transfer and don’t give them a chance to consider any red flags in the request. This is how the perpetrators get past the typical security measures.

Without training or awareness about this type of compromise attempt, an organization is at higher risk of falling victim to these threats of cyber attackers. So it’s important to become familiar with examples of CEO fraud.

Here is an example of a false invoice payment requested by a CEO fraudster:

Subject Line: Invoice to pay [late!]

“Hi Diana,

I’ve been sitting in a meeting all morning with Company X and they’re not too happy with us because they’ve not received this month’s invoice payment.

I’ve told them we can get this resolved within the next hour when we reconvene after lunch. The invoice details are attached- I’m counting on you to get in contact as we need these guys for a lot more business.



Tax or document access request

CEO phishing email attacks may also involve the request for certain documentation or data, such as tax forms or legal contracts to be sent to a third party. Of course, the email accounts of the third party are also controlled by the fraudsters, and it’s a way for them to generate access to sensitive information without placing too much internal scrutiny on the CEO.

For example, the “CEO” (actually a fraud perpetrator) may send an email CC’ing a third-party “tax audit firm”, also the fraudster. They send the email to the internal tax preparer or another senior executive, requesting for the records to be sent to the third party, who has been appointed to verify and audit everything.

Since this message appears to come straight from the CEO’s email address, there are no obvious social engineering techniques or red flags for the employee to avoid, so they send the documents. However, this gives the fraudsters access to confidential and sensitive company data or resources.

Here’s an example of a legal document access request from a CEO phishing fraudster:

Subject Line: Contracts for legal – URGENT

“Hi Mina,

I’ve CC’d our external legal team who need to review the contracts with Third Party Z. Please can you email them over to Sarah today as we’re on a tight timeline to get the deal over the line.


Learn more about B2B payment fraud in our latest fraud report!

fraud study us

Gift card scams

Potentially the most well-known of the CEO phishing email examples is the gift card scam. This rose to prominence in 2020, since the widespread adoption of remote work led to confusion around policies, and the inability to check with colleagues in person.

The gift scam begins with a fraudster who spoofs the CEO’s email domain or hacks into their account. Then, they target the company with a mass email thread, asking employees to go and buy a set value worth of gift cards, say $200.

After confirmation of purchase, the “CEO” will then email employees again to ask for the reference codes on each of the gift cards. This allows the fraudster to remotely redeem the money on the accounts and get away with the money.

A real-life case of gift card CEO fraud happened all over Virginia, targeting religious personnel who wanted to give to charity. The victims were part of the same religious organization and were each told to purchase gift cards for a fundraiser, and then send the serial numbers back. Without specific cybersecurity training or policies, many fell victim.

Here’s what a gift card scam might look like:

Subject Line: In a conference – are you free now??

“Hi David,

I urgently need you to run to Target and grab 20 gift cards for me, worth $100 each for a client. Can you arrange it now? Put in on the employee expenses card and we can sort the rest out later.

Please take a photo of each of the serial codes and send them to me as soon as you’re done as I need to get this sorted before the conference ends.



Fake merger

The final common example of CEO phishing emails involves a fake company acquisition or merger. Here, the phishing fraudsters impersonate the CEO over email and request a very large bank or wire transfer for immediate payment.

This type of phishing is sometimes known as whaling since it goes after a huge target and requires intense research to be successful. The perpetrators are likely to slowly create an email chain to build trust with the victim and use the cover that this acquisition is “hush-hush”, so as not to let any colleagues know until the time is right. That’s how the fraud goes undiscovered until after the payment is made, and how organizations come under compromise.

In 2016, Leoni AG lost over $40 million to this type of phishing CEO fraud. It was the CFO who received a cloned email, requesting a transfer as per the company’s standard policy for wire payments. Under the guise of an acquisition of a foreign subsidiary, the CFO made the transfer and the company subsequently lost its funds.

A fake acquisition request through CEO phishing could be displayed as follows:

Subject Line: Transfer for our acquisition

“Hi Roger,

I know this is short notice but we’ve just managed to seal the deal for an acquisition in Germany. We need to fund an account to prove everything financially – can I count on you to make the transfer in the next hour?

It’s going to be $12.3 million to the following account details [details go here].

I’ve emailed you for this because I know you can be discreet, so please keep this all under wraps until we make the company-wide announcement tomorrow.

I appreciate your fast pace on this one – we can catch up over a drink once it’s all gone through.



Blocking the effects of CEO phishing emails

Blocking the effects of CEO phishing emails is all about verifying and validating the information of the people your company pays.

It’s almost impossible to totally shield against phishing emails because social engineering tactics are manipulative. So other than teaching colleagues about the red flags, and ensuring that your internal email network is as secure as possible, it’s about building a secure payment system and using fraud prevention software.

Trustpair validates and monitors account information in order to ensure your business doesn’t pay suspicious third parties. By verifying company and bank details with international databases, we can check that the bank account really belongs to the third party you think it does, and block payments to suspicious or unregistered entities.

Demo Trustpair to prevent the financial effects of CEO phishing emails.

Here’s a summary:

The top four CEO phishing email examples include false invoice payments, document access requests, gift card scams, and fake mergers or acquisitions. Block the effects of social engineering techniques like a phishing attack by validating third-party information in real-time with Trustpair, before any payments are made.


Trustpair enables better payment security by consistently validating third-party data. We verify suppliers and their bank details against external databases and automatically block payments to suspicious or unknown third parties.

Check out this blog on CEO fraud detection and prevention to learn more. 

There are many possible phishing techniques associated with CEO fraud, but the most common involve impersonation, urgency and pressure, and other social engineering. Common scams include shell companies, fake invoices, supplier hacking, and false acquisitions.

Manage the risks related to corporate treasury.

Receive our latest news

Subscribe to the Trustpair Newsletter and receive advice every week…
Thanks ! Your subscription to the Trustpair newsletter has been taken into account.

        By clicking on “Subscribe”, you agree to receive the Trustpair newsletter to be informed of news or important information about our services. By subscribing, you agree to our Privacy Policy.

Related Articles