Cybersecurity Firm Kaspersky Uncovers Sophisticated CEO Impersonation Scam

You know things are getting serious when your CEO suddenly becomes very passionate about a mystery invoice and needs you to pay it yesterday. Spoiler: it’s probably not your CEO.

In this publication, we're uncovering a Business Email Compromise (BEC) scam that’s hitting finance departments hard — with attackers posing as company execs to trick employees into wiring funds for fake consulting services.

Fraudsters are impersonating CEOs through lookalike email threads, urging urgent invoice payments. And it’s working — because these attacks look very real.


How It Works:

This isn't your average email phishing attempt. Here’s the breakdown:

  1. Attackers impersonate company CEOs or high-level executives by spoofing email display names — sometimes even copying existing email threads for authenticity.
  2. The fraudulent emails are sent to finance or accounts payable teams, often with a tone of urgency and authority.
  3. In some cases, the email includes a fake invoice from a made-up contractor; in others, the email itself serves as the payment request.
  4. The emails appear to be legitimate at first glance, but the actual sender address has no connection to the display name or company.
  5. Victims, fearing repercussions for questioning leadership, process the payments — often transferring thousands of dollars to scammers.

According to Kaspersky’s spam analyst Anna Lazaricheva, "This attack stands out for its meticulous attention to detail and exploitation of trusted relationships."


Who’s Targeted:

This scheme primarily targets:

  • Finance and accounting teams
  • Small-to-mid-sized businesses, often without rigorous payment verification protocols
  • Organizations with remote or hybrid workforces, where digital-only communication is common


Real-Life Example:

In a recent string of attacks, scammers impersonated C-suite executives using slightly altered domain names and asked for urgent payments tied to “consulting services.” The invoices looked polished. The language was convincing. In one case, an employee wired a five-figure sum before realizing the error — and by then, the funds were long gone.


Why You Should Care:

Even seasoned finance teams can fall for this scam. Here’s what’s at stake:

  • Significant financial losses — wire transfers can’t be reversed once processed.
  • Reputational damage — losing client or company funds can destroy trust.
  • Internal friction — employees may be blamed for mistakes caused by sophisticated deception.

BEC scams don’t rely on malware. They exploit human behavior — our trust in authority, fear of delay, and aversion to conflict.


How to Protect Yourself:

• Always verify payment requests via a secondary channel — call the executive or message them on a different platform.

• Train your team to spot email red flags — especially inconsistencies in email addresses, tone, or urgency.

• Implement multi-person approval processes for payments above a certain threshold.

• Use DMARC, SPF, and DKIM protocols to help block spoofed emails at the domain level.

• Educate staff regularly with real-world scam examples — like this one.
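The red flags listed under "How It Works" (a trusted display name paired with an unrelated sender address, a slightly altered lookalike domain, urgent payment wording) and the DMARC/SPF/DKIM and verification advice above can be turned into a simple mail-triage check. The script below is an added example, not code from the Kaspersky report or the article; the domain `example-corp.com`, the executive directory, and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from typing import Optional

# Assumed for this example: the organisation's own domain and a short directory of
# executives whose names are most likely to be impersonated in a BEC attempt.
OWN_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
URGENCY_TERMS = ("urgent", "asap", "today", "wire", "invoice", "payment")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one or two edits is typical of a lookalike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str = OWN_DOMAIN) -> bool:
    """True when the sender domain imitates the legitimate one without being it."""
    domain, legit = domain.lower(), legit.lower()
    if domain == legit:
        return False
    return edit_distance(domain, legit) <= 2 or legit.split(".")[0] in domain


def dmarc_result(msg) -> Optional[str]:
    """Read the dmarc= verdict the receiving server wrote into Authentication-Results."""
    for value in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", str(value))
        if m:
            return m.group(1).lower()
    return None


def analyze(raw: str) -> list:
    """Return the BEC red flags found in one raw RFC 5322 message, in a fixed order."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2]
    flags = []
    # 1. Display name belongs to a known executive, but the address is not theirs.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        flags.append("display_name_mismatch")
    # 2. Sender domain is a near-copy of our own; DMARC cannot catch this case.
    if is_lookalike(domain):
        flags.append("lookalike_domain")
    # 3. Our own domain in From, yet DMARC did not pass: a direct spoof.
    if domain.lower() == OWN_DOMAIN and dmarc_result(msg) != "pass":
        flags.append("dmarc_not_pass")
    # 4. Two or more urgency / payment terms in subject or body.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if sum(term in text for term in URGENCY_TERMS) >= 2:
        flags.append("urgent_payment_language")
    return flags


# Constructed sample messages (not taken from the report).
SPOOFED_OWN_DOMAIN = """\
From: Jane Doe <jane.doe@example-corp.com>
Subject: URGENT: consulting invoice
Authentication-Results: mx.example-corp.com; spf=fail; dmarc=fail header.from=example-corp.com
Content-Type: text/plain

Please wire the attached invoice today, I'm in meetings all day.
"""
LOOKALIKE_DOMAIN = """\
From: Jane Doe <jane.doe@examp1e-corp.com>
Subject: Re: payment for consulting services
Authentication-Results: mx.example-corp.com; spf=pass; dmarc=pass header.from=examp1e-corp.com
Content-Type: text/plain

Need this invoice paid urgently, wire details below.
"""
LEGITIMATE = """\
From: Jane Doe <jane.doe@example-corp.com>
Subject: Q3 board deck
Authentication-Results: mx.example-corp.com; spf=pass; dmarc=pass header.from=example-corp.com
Content-Type: text/plain

Attached is the draft deck for Thursday, comments welcome.
"""

if __name__ == "__main__":
    for label, raw in [("spoof", SPOOFED_OWN_DOMAIN), ("lookalike", LOOKALIKE_DOMAIN), ("legit", LEGITIMATE)]:
        print(label, analyze(raw))
```

The second sample is the important one: a registered lookalike domain passes SPF and DMARC because the attacker controls its DNS, so domain-level controls only stop exact spoofing of your own domain. That is why the display-name-versus-address comparison and the out-of-band call to the executive remain the decisive checks.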


Quick Tips & Updates:

Quick Tip #1: “Did you know? The email address and display name aren’t always linked. Always check the full ‘from’ field in suspicious emails.”

Pro Tip: “Avoid clicking links or opening attachments from emails that feel slightly off — even if they seem to come from your boss.”


Stay safe, stay informed.


Keywords:

• Business Email Compromise (BEC) – A form of cybercrime where attackers impersonate executives to trick employees into sending money or data.

• Spoofing – Faking the identity of an email sender to appear as someone trusted.

• Phishing – A scam where emails or messages are used to deceive individuals into revealing sensitive information.

• Email Display Name – The name shown on an email, which can be manipulated to impersonate others.

• Invoice Fraud – A scam involving fake bills or requests for payment sent to a business.

