What Is Executive Phishing?

Executive Phishing is a scam where cybercriminals spoof company email accounts and impersonate executives to try to fool employees into executing unauthorized wire transfers or sending the attackers confidential tax information. It takes aim at personally identifiable information, rather than simply tricking accounting staff into scheduling fraudulent wire transfers.


Executive Phishing is a form of Business Email Compromise (BEC) where a cybercriminal impersonates a high-level executive (often the CEO or Owner). Once the attacker has convinced the recipient of the email (employee, customer, or vendor) that the message is legitimate, the attacker then attempts to get the recipient to transfer funds or confidential information. BEC attacks are also called whaling or man-in-the-email. They are a way of tricking employees into turning large amounts of money over to cyber attackers. We had one of our clients experience this last year and the cybercriminals involved almost got away with it. Thankfully, the threat was recognized and neutralized before the wire transfer was effectuated.
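
One way a mail filter could flag the impersonation described above, shown as an added example that is not part of the original article. The company domain, executive name, request terms and sample messages are assumed or constructed values.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed sample values, not taken from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
REQUEST_TERMS = ("wire transfer", "tax information")

def split_header(value):
    """Return (normalised display name, lower-cased domain) of an address header."""
    name, addr = parseaddr(value or "")
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return " ".join(name.lower().split()), domain

def bec_findings(raw_message):
    """List the reasons a raw message resembles executive impersonation."""
    msg = message_from_string(raw_message)
    name, from_domain = split_header(msg["From"])
    _, reply_domain = split_header(msg["Reply-To"])
    findings = []
    if name in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append("executive name on external address")
    if reply_domain and reply_domain != from_domain:
        findings.append("replies diverted to another domain")
    # Only weigh the request itself once the sender already looks wrong.
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    if findings and any(term in body for term in REQUEST_TERMS):
        findings.append("asks for money or confidential data")
    return findings

# Constructed sample messages.
LOOKALIKE = (
    "From: Jane Doe <jane.doe@example.net>\n"
    "To: finance@example.com\n\n"
    "Please schedule a wire transfer before noon.\n"
)
FORGED_FROM = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Reply-To: jane.doe@example.org\n"
    "To: hr@example.com\n\n"
    "Send me the staff tax information today.\n"
)
# Same text sent from the real domain: no sender anomaly, so no finding.
INTERNAL = LOOKALIKE.replace("example.net", COMPANY_DOMAIN)

if __name__ == "__main__":
    print([bec_findings(m) for m in (LOOKALIKE, FORGED_FROM, INTERNAL)])
```

These header checks do not catch a request sent from a genuinely compromised executive mailbox, so payment and data requests still need verification through a second channel.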


There Are 4 Executive Phishing Attack Methods

1. Phishing. Emails are sent to large numbers of users simultaneously in an attempt to “fish” for sensitive information by posing as reputable sources, often with legitimate-looking logos attached.


2. Spear Phishing. This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users.


3. Executive Whaling. The bad guys target top executives and administrators, typically to syphon off money from accounts or steal confidential data.


4. Social Engineering. LinkedIn, Facebook and other venues provide a wealth of information about organisational personnel. This can include their contact information, connections, friends, ongoing business deals and more.

Who Is at Risk of Executive Phishing?


The CEO or Owner is not always the one in a criminal’s crosshairs. There are four other groups of employees who are considered valuable targets given their roles and access to funds and confidential information.


Finance. The finance department is especially vulnerable in companies that regularly engage in large wire transfers.


Human Resources. HR represents a wonderfully open highway into the modern enterprise. After all, it has access to every person in the organisation, manages the employee database and oversees recruitment.


The Executive Team. Every member of the executive team can be considered a high-value target. Many possess financial authority.


Find out what percentage of your employees are Phish-prone with a free phishing security test from Longhurst Consulting. If you do not do it yourself, the bad guys will.


Take the first step now to significantly improve your organisation’s defences against CEO Fraud and cybercrime.


Longhurst Consulting is focused on providing reliable and secure IT solutions with the best value for our clients. For more information contact us at (403)483-8699 or email mitz@Longhurstconsulting.com.