You might be thinking that fraudulent emails targeting high-ranking executives aren’t a big deal. After all, we can all spot a fraudulent email, right? Wrong: in a recent survey, 97% of people could not reliably tell a phishing email from a legitimate one. Any organization that falls victim to phishing risks not only the financial cost of the incident, but also reputational damage and, ultimately, customer mistrust. Read on to learn how to detect fraudulent emails!
Defend your business with Trustpair to block the effect of fraudulent whaling emails by continuously and automatically monitoring vendor info. Request a demo right away!
The red flags to detect fraudulent emails that target executives
Most of us believe we would spot a fraudulent email. But with an estimated 3.4 billion phishing emails sent to personal and business accounts every single day, it’s understandable that we all feel a bit fatigued by them, and some slip through the cracks. Employees are targeted constantly: by email, by phone (vishing), and by text message (smishing).
So, there are some red flags that can help eagle-eyed executives to detect fraudulent phishing emails:
- Urgency: demanding a fast response (a payment or the sharing of sensitive data) against a fictitious deadline, so the recipient acts before properly considering whether the request is legitimate
- Change in the usual contact person or contact address: a request from an unfamiliar person at a known third party, or from a familiar person writing from an unfamiliar email address or a lookalike domain
- Abnormal message channel: you normally receive invoices through a shared Slack channel, for example, but this month’s arrives by email
- Littered with links or attachments: links or attachments that push the recipient to act outside the email can lead to credential-harvesting pages or malware hosted by the attackers
- Unusual tone, grammar, or spelling: B2B communications are typically professional in tone with correct grammar and spelling, although this signal is weaker than it once was now that attackers can generate fluent text easily
- Asks the recipient to go against SOPs: with a standard process for paying invoices, any request that sidesteps that process should raise suspicion
By encouraging executives to stop and think, there is more chance they’ll recognize one or more of these red flags as an attack or cybersecurity problem. And, once suspicions are raised, it’s much easier for an organization to protect against the threat of fraudulent emails.
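Several of the red flags above (a lookalike sender address, an unfamiliar contact at a known vendor, a Reply-To that points somewhere else, urgency wording, a request to change payment details) can be checked mechanically before a human ever reads the mail. The script below is an added example written for this article, not Trustpair’s product or any code from the original page; the vendor domains, mailboxes, keyword lists and the two sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed stand-in for a vendor master: the domains and mailboxes that
# finance has previously verified out-of-band. Hypothetical names.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.com", "northwind-legal.com"}
KNOWN_VENDOR_CONTACTS = {"invoices@acme-supplies.com", "billing@northwind-legal.com"}

URGENCY_TERMS = ("urgent", "immediately", "today", "asap", "before close of business")
PROCESS_BYPASS_TERMS = ("new bank", "updated account", "change of bank", "wire", "keep this confidential")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot domains one or two characters off a known one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain: str) -> str:
    """Collapse common lookalike tricks (rn->m, vv->w, 0->o, 1->l) before comparing."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("01", "ol"))


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyse(raw_message: str) -> list:
    """Return the red flags found in one RFC 5322 message (empty list = none found)."""
    msg = message_from_string(raw_message, policy=default)
    flags = []

    _name, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    sender_domain = domain_of(sender)

    if sender_domain in KNOWN_VENDOR_DOMAINS:
        # Known vendor, but is this a mailbox we have dealt with before?
        if sender not in KNOWN_VENDOR_CONTACTS:
            flags.append(f"unfamiliar contact {sender!r} at a known vendor")
    else:
        # Unknown domain: is it a near-miss of a vendor we do know?
        lookalike = next(
            (k for k in sorted(KNOWN_VENDOR_DOMAINS)
             if normalize_domain(sender_domain) == normalize_domain(k)
             or levenshtein(sender_domain, k) <= 2),
            None,
        )
        if lookalike:
            flags.append(f"lookalike sender domain {sender_domain!r} resembles {lookalike!r}")
        else:
            flags.append(f"unknown sender domain {sender_domain!r}")

    # Replies silently routed to a different domain are a classic redirection trick.
    _name, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append(f"Reply-To domain {domain_of(reply_to)!r} differs from the From domain")

    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + "\n" + (body.get_content() if body else "")).lower()
    if any(term in text for term in URGENCY_TERMS):
        flags.append("urgency language in subject or body")
    if any(term in text for term in PROCESS_BYPASS_TERMS):
        flags.append("request to change payment details or bypass the standard process")
    return flags


# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: Acme Supplies Accounts <accounts@acrne-supplies.com>
Reply-To: accounts@acme-remit-desk.net
To: cfo@example.com
Subject: URGENT: updated account for invoice 4471
Content-Type: text/plain; charset="utf-8"

Hi, please wire today's payment to our new bank details below before close of business.
"""

LEGITIMATE = """\
From: Acme Supplies Invoicing <invoices@acme-supplies.com>
To: ap@example.com
Subject: Invoice 4470 for March
Content-Type: text/plain; charset="utf-8"

Hello, please find invoice 4470 attached, payable under our usual 30-day terms.
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, analyse(sample))
```

Run it and the suspicious message is flagged four times (lookalike domain `acrne-supplies.com` where the `rn` mimics an `m`, a foreign Reply-To, urgency wording and a bank-detail change), while the legitimate invoice produces no flags. Treat the output as a prompt for the human checks the article describes, not as a verdict: a genuinely new supplier will also show up as an unknown domain, which is exactly when an out-of-band call is warranted.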
What are the best defenses to block whaling attacks via fraudulent emails?
Whaling attacks can be devastating, and not only because of the initial financial loss. The loss of trust that follows an intrusion, especially one that leads to a data leak, can cause lasting reputational damage. It can make it harder to attract new customers, who may feel their personal information won’t be safe, and it can prevent a company from operating at the same level after the incident. Fraud risk is real and has very real consequences for companies.
Fortunately, there are a multitude of defense strategies that can enable businesses to shield their email systems, including:
- Fraud awareness training
- Segregation of duties
- Data or account validation platforms
Learn more about the differences between whaling and spear phishing in this article.
Fraud awareness training
Fraud awareness training and policies mean educating members of staff about the techniques fraudsters use: in particular, spotting the red flags, and knowing the right “response plan” steps to block any further access once an attempt is detected. Regular fraud awareness training is a tried and tested defense against social engineering attacks such as phishing or whaling.
Now, it’s true that most organizations already offer fraud awareness training to their employees. But training the board of directors is far less common: only around 14% of US businesses do so.
Training throughout all seniority levels is essential for protecting your business against fraudulent emails that target high-ranking executives. It might seem obvious, but with senior executives being targets, this demographic might need the training the most. These are the individuals who are both trusted and authorized to make high-level decisions. They’re also the ones authorized to execute transactions with external third parties.
Moreover, by enforcing this culture from the top, executives can set standards within the company for more junior members of staff. It’s really about implementing a fraud awareness culture so all employees are trained to spot the risk and know how to react to threats.
Segregation of duties
The segregation of duties refers to splitting up responsibilities in any single business process.
For example, the first person may receive an email from a ‘supplier’ for urgent payment. A second may verify the payment details, and a third may approve the payment.
When the email is fraudulent, this sharing of responsibilities helps for two major reasons:
- It slows down the reaction process, allowing colleagues more time to think logically and consider the risks or red flags in any email request
- It gains the perspective of multiple colleagues, so even if one doesn’t become suspicious, a second opinion might
Segregation of duties is usually implemented through the four-eyes principle: with two sets of eyes on every payment, attempts at fraud are less likely to succeed, for two reasons:
- It prevents internal fraud. Any employee tempted to commit internal fraud knows that their work will be reviewed by another worker, holding them accountable for their actions
- It detects suspicious activity. Even if external fraudsters get past one employee, there is another member of staff to raise suspicions
When segregation of duties is properly implemented in the finance department, businesses can expect stronger trust between colleagues and more confidence in the payment process. They can also expect executives to fall for fewer fraudulent email scams, because no single person can push a payment through alone.
Data or account validation platforms
Finally, data validation can help executives to verify the information they have, before fulfilling any payment or data-sharing requests after receiving an email. With the right account validation tools – like Trustpair, any organization can put the threats to rest.
Data validation platforms work through the comparisons of bank account details, contact information, and any other data with external sources. When receiving a fraudulent email, it’s really up to the recipient whether they believe the ruse or not. But data validation platforms can help the recipients decide; because it can inform on whether the details given are legitimate or not.
For example, imagine receiving a “change of bank details” request. By validating the new payment details with a tool like Trustpair, it is immediately visible that they do not match the vendor’s verified record. Trustpair relies on multiple international databases to compare account numbers, routing numbers, bank branch information, and company details against those in any payment request. Because the check runs in real time, no matter how ‘urgent’ the email is, the money cannot leave the account if an unknown or suspicious third party is detected.
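To make the two controls above concrete, the four-eyes rule from the segregation-of-duties section and the “change of bank details” check from this one, here is an added example written for this article. It is not Trustpair’s implementation: in place of Trustpair’s external databases it uses a small local vendor master (constructed), and it adds an ISO 13616 mod-97 checksum on the IBAN as a first-line sanity check. The vendor name, the staff identifiers and the IBANs (which are the standard documentation examples, not real accounts) are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed vendor master: bank details finance verified out-of-band with each
# vendor when it was onboarded. Hypothetical vendor; the IBAN is the standard
# documentation example and belongs to no real account.
VENDOR_MASTER = {
    "Acme Supplies Ltd": {"iban": "GB82WEST12345698765432", "bic": "WESTGB22"},
}


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: catches typos and made-up account numbers."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    # Move the country code and check digits to the end, then map A=10 ... Z=35.
    rearranged = s[4:] + s[:4]
    as_digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(as_digits) % 97 == 1


@dataclass
class PaymentRequest:
    vendor: str
    iban: str
    amount: float
    requested_by: str                    # the person who received the 'supplier' email
    verified_by: Optional[str] = None    # second person: checks the details
    approved_by: Optional[str] = None    # third person: releases the payment


def validate_payment(req: PaymentRequest) -> List[str]:
    """Return every reason the payment must not be released; an empty list means cleared."""
    problems = []
    iban = req.iban.replace(" ", "").upper()

    if not iban_is_valid(iban):
        problems.append("IBAN fails the mod-97 checksum: typo or fabricated account")

    # Compare against what was verified at onboarding, never against the email itself.
    record = VENDOR_MASTER.get(req.vendor)
    if record is None:
        problems.append("vendor not in the vendor master: new payee needs out-of-band verification")
    elif iban != record["iban"]:
        problems.append(
            "IBAN differs from the verified record: confirm the change by phone with a "
            "known contact, never by replying to the requesting email"
        )

    # Four-eyes / segregation of duties: requester, verifier and approver must be three people.
    roles = [req.requested_by, req.verified_by, req.approved_by]
    if None in roles:
        problems.append("missing verifier or approver")
    elif len(set(roles)) < 3:
        problems.append("segregation of duties violated: one person holds more than one role")
    return problems


# Constructed requests: one matching the vendor master, one driven by a
# 'change of bank details' email that a single clerk tried to push through alone.
CLEAN = PaymentRequest("Acme Supplies Ltd", "GB82 WEST 1234 5698 7654 32", 12500.0,
                       requested_by="ap.clerk", verified_by="ap.lead", approved_by="controller")
FRAUDULENT = PaymentRequest("Acme Supplies Ltd", "GB29 NWBK 6016 1331 9268 19", 12500.0,
                            requested_by="ap.clerk", verified_by="ap.clerk", approved_by="controller")

if __name__ == "__main__":
    print("clean:", validate_payment(CLEAN))
    print("fraudulent:", validate_payment(FRAUDULENT))
```

The fraudulent request is stopped twice over: the new IBAN passes the checksum (fraudsters supply real accounts), but it does not match the record verified at onboarding, and the same clerk sits in two of the three roles. Note the order of checks: a syntactically valid IBAN is necessary but never sufficient, which is why the comparison against independently verified data, not the checksum, is the control that actually blocks the payment.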
Fraudulent emails that target high-ranking executives: how do they work?
Fraudulent emails targeting high-ranking executives are better known as whaling, a form of spear phishing aimed at senior staff. There are two common ways these email scams work, and it’s important to understand both to protect against the threat properly.
In both of the following examples, the perpetrators rely on a handful of techniques to make their ruse more convincing, and therefore more effective. This is part of what makes whaling and executive impersonation hard to prevent: the exact techniques vary between attacks.
In the first type, the fraudster impersonates a third party the victim already knows, to gain their trust quickly and trigger a payment or the sharing of data.
Here’s how it could work;
- The fraudsters use social media or intensive research to find out who your real suppliers are. Often, this information can be found on company websites.
- They decide on an organization to impersonate, such as your bank, law firm, or a vendor in the supply chain
- The perpetrator then either spoofs the real supplier’s sending address or registers a lookalike domain (an address that differs by a character or two), and crafts an email
- The email typically uses social engineering techniques such as urgency, along with personalization aimed at the executive, such as their name or a real project or invoice reference. It may request an immediate payment to the fraudster’s account, or ask for confidential information
Busy executives who don’t have time to consider the red flags in this type of attack are the most likely to fall victim. They are often contacted by third parties they have never met, and it’s not uncommon for these senior employees to authorize transfers or share data. Unfortunately, the fraudsters know this, which is why whaling is so effective. There are many types and examples of spear phishing, and all are hard to detect without the right controls in place.
Executive fraud impersonation
A second type of fraudulent email attack is through the impersonation of executives, also known as CEO fraud.
How might CEO fraud work?
- The perpetrator gathers information on the senior executive they aim to impersonate over weeks or months, from public sources or, in some cases, by compromising the company’s systems or the executive’s mailbox.
- They spoof the executive’s email address, or register a very similar one, and mimic the executive’s usual language, spelling, grammar, and tone.
- The email contains a request to another employee, typically a mid-level manager who has the access needed for the fraud to work.
- Since the recipient is authorized to make payments within the business, the email usually asks for urgent payment to a third party (potentially a new supplier, or for a business merger).
- This second employee, believing that their colleague has requested the payment, then pays straight into the fraudster’s account.
The impersonation of executives is so dangerous because the reconnaissance, and any initial breach, can happen weeks or months before the payment request. By the time it arrives, any murmurs of a system breach are likely long forgotten, and employee suspicions are low. This makes the attack more likely to succeed.
Learn all about B2B payment fraud in our latest fraud report!
Examples of fraudulent emails that target high-ranking executives
One of the most famous examples of fraud emails that target high-ranking execs happened at Xoom, an online money platform.
In 2015, an employee within the finance department was targeted by an executive impersonation scam. This ultimately convinced the employee, who made a $30.8 million transfer to the fraudsters. Once announced, the company suffered further financial losses as its share price plummeted by 6.2%.
What makes matters worse, though, is that the company had internal procedures in place to prevent this kind of attack. This shows the importance of validating any financial data with an external platform like Trustpair (and in real-time). It’s really the final chance that businesses can take to protect themselves before the money leaves their accounts.
Fraudulent emails that target high-ranking executives are also known as whaling emails, a targeted form of phishing. They target employees with decision-making authority, in the hope of triggering a money transfer or gaining access to sensitive information. Prevent them by segregating duties, running fraud awareness training, and validating vendor information with Trustpair. Our platform secures payments throughout the entire procure-to-pay (P2P) process: even if attackers manage to trick employees, it blocks suspicious money transfers to unknown or new recipients.