Executive Impersonation Scams Are on the Rise

This is an important fraud-prevention advisory regarding a growing trend in sophisticated senior executive impersonation scams.

Scammers are using highly convincing tactics to impersonate CEOs, CFOs and other senior leaders. Their goal is to pressure employees into making unauthorized financial transfers or releasing sensitive information. These attempts often appear urgent, confidential and legitimate.

Common Tactics Scammers Employ:

• Executive impersonation: Using researched details, spoofed personal emails or even voice mimicry to pose as senior leaders.
• "Confidential project" narratives: Fraudsters claim involvement in sensitive deals or urgent restructuring to discourage verification.
• Off‑channel communication: Requests made through personal email, mobile messaging apps or calls; intentionally avoiding corporate systems.
• Deepfake or staged virtual meetings: Fake participants, stolen photos and fabricated identities are used to create legitimacy.
• Extreme urgency: Pressure to bypass standard approval steps under the guise of time‑sensitive transactions.
• Fake documentation: Fraudulent powers of attorney, board resolutions, or letters—often with formatting or signature inconsistencies.

Red Flags to Consider:

• Unexpected contact from an executive via personal email or messaging apps
• Requests labeled "confidential" that prohibit verification with others
• Pressure to circumvent standard internal controls or approval steps
• Urgent demands for account openings, transfers, or sensitive data
• Refusal to communicate through corporate channels or video

Recommended Protective Measures for Staff to Emply:

• Verify through official channels: Use known corporate phone numbers or email addresses for confirmation.
• Educate your team: Ensure employees recognize these red flags and never act on unverified instructions.
• Maintain internal controls: Never override maker-checker processes, callback protocols or KYC standards.
• Confirm project legitimacy: Validate any new or unusual request with known contacts or authorized stakeholders.

If You Suspect a Scam, Please:

• Do not respond or act on the request.
• Independently verify the request using trusted contact information.
• Report the incident immediately to your internal IT or security teams.

Protecting your organization from emerging threats should always be among your top priorities.