Cybercriminals Impersonate CEO Emails to Defraud Companies in Sophisticated BEC Attacks

Global cybersecurity firm Kaspersky has uncovered a new wave of highly targeted business email compromise (BEC) attacks in which threat actors impersonate corporate executives to deceive finance teams into transferring funds to attacker-controlled accounts.
Over the past several weeks, Kaspersky researchers observed multiple BEC attempts directed at the financial departments of organizations. In these attacks, accounting staff received emails forged to look like existing correspondence between the company's CEO and an external contractor, urging urgent payment of fake invoices for fictitious consulting services.
“These incidents reflect a disturbing trend where attackers exploit trust by forging executive identities and creating convincing email threads to pressure employees into transferring money,” said Anna Lazaricheva, spam analyst at Kaspersky.
Deceptive but Convincing Tactics
Upon closer analysis, Kaspersky confirmed that in all reported incidents the display name in the From header appeared legitimate – often the name of the company's CEO or a supposed contractor firm – while the actual sender address had no connection to either party and varied from email to email. This manipulation exploits a visual trust cue: many mail clients, and most mobile ones, show only the display name by default, so a recipient never sees the unfamiliar address unless they deliberately expand it. That was central to the success of the attack attempts.
In some cases, the fraudulent emails included fake invoice attachments and claimed to be communications between the CEO and a fictional legal contractor. The attacker would reference this email thread as evidence to legitimize the payment request. In other cases, no invoice was attached, but the language used was urgent and mimicked the tone of an executive under pressure, pushing for immediate payment.
Targeting Human Error
What sets these BEC campaigns apart is their meticulous attention to detail and psychological manipulation, capitalizing on employees’ tendency to avoid questioning authority – especially when requests appear to come from high-level executives.
Kaspersky experts warn that such tactics are becoming increasingly common and dangerous, particularly as remote work and digital communications become the norm.
Prevention and Best Practices
To help organizations avoid falling victim to similar scams, Kaspersky recommends the following preventive measures:
Always verify the sender's full email address, not just the display name. Checking the address is necessary but not sufficient: unless SPF, DKIM and DMARC are enforced for the company's own domain, the address itself can also be forged, so the mail gateway should quarantine or reject messages that fail authentication for that domain.
Avoid clicking on links or opening attachments unless the sender is confirmed and the content is expected.
If a message seems suspicious, verify its legitimacy through an alternate communication channel, for example a phone call to a number already on file or a direct message to the executive, and never use contact details supplied in the email itself.
Double-check website URLs for phishing indicators – attackers often use lookalike domains that are nearly indistinguishable from the original.
Implement comprehensive cybersecurity solutions like Kaspersky Next and Kaspersky Premium for enhanced threat detection and protection.
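As an added example (not Kaspersky's code or tooling, and not part of the original article), the following Python script applies the checks discussed above to raw RFC 5322 messages: it flags a display name that matches a known executive but arrives from a non-corporate address (the pattern described under "Deceptive but Convincing Tactics"), a Reply-To that diverts replies elsewhere, and lookalike sender domains that differ from the corporate domain by a single edit or by confusable characters (the lookalike-domain point from the recommendations). The executive directory, the protected domain and the sample messages are all constructed for illustration.

```python
"""Flag BEC indicators in raw email messages: display-name impersonation,
Reply-To mismatch and lookalike sender domains.

Example code written for this article; the directory, domains and sample
messages below are constructed, not taken from any real incident."""
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Constructed directory: display names an attacker might borrow, mapped to
# the only domain those people legitimately send from.
PROTECTED_DOMAINS = {"example-corp.com"}
EXECUTIVES = {"jane doe": "example-corp.com"}

# Character substitutions commonly used in lookalike domains (illustrative list).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise(name):
    """Lowercase, collapse whitespace and strip accents so 'Jane  DOE' == 'jane doe'."""
    s = unicodedata.normalize("NFKD", name)
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    return " ".join(s.lower().split())


def fold_confusables(domain):
    """Map confusable sequences to the character they imitate."""
    d = domain.lower()
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True when the domain is one edit away from, or confusable-equal to,
    a protected domain. The protected domain itself is never a lookalike."""
    d = domain.lower()
    if d in PROTECTED_DOMAINS:
        return False
    for p in PROTECTED_DOMAINS:
        if fold_confusables(d) == fold_confusables(p) or levenshtein(d, p) <= 1:
            return True
    return False


def bec_indicators(raw):
    """Return the list of indicators found in one raw message (empty if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    exec_domain = EXECUTIVES.get(normalise(display))
    if exec_domain and domain != exec_domain:
        findings.append("display-name impersonation")
    if is_lookalike(domain):
        findings.append("lookalike sender domain")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append("reply-to mismatch")
    return findings


# Constructed sample messages.
SPOOFED = """From: Jane Doe <jane.doe.ceo@mail-provider.example>
Reply-To: accounts@legal-partners.example
To: accounting@example-corp.com
Subject: URGENT - consulting invoice 4471

Please settle the attached invoice today."""

LOOKALIKE = """From: Jane Doe <jane.doe@exarnple-corp.com>
To: accounting@example-corp.com
Subject: Re: invoice for legal consulting

Approved, please pay this morning."""

LEGIT = """From: Jane Doe <jane.doe@example-corp.com>
To: accounting@example-corp.com
Subject: Q3 budget

See you at the review."""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, bec_indicators(raw) or "clean")
```

The display-name check only catches borrowed names that are in the directory, so the directory should cover everyone whose authority a payment request might invoke, and the edit-distance threshold of 1 trades a few false positives on short domains for catching the single-character swaps attackers favour.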