Email Spoofing CEO / Wire Transfer Fraud

The Evolution of Email Fraud

Email fraud and email spoofing have become increasingly sophisticated within the past few years, to the point where fraudulent emails get past traditional SPAM filters and reach unsuspecting employees’ inboxes. These emails appear to be sent from the employee’s superior, or from the owner or CEO of the company, and make simple requests. The ‘document request’ emails are known to ask HR for employee forms such as W-2s or 1099s. Employees have fallen for these scams with disastrous results: their Social Security numbers, addresses, and wage information can be put in jeopardy.

Tech Target has a great definition of email spoofing: “Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.”

These emails are designed to make it through traditional filters due to forged email headers. This situation is comparable to writing a hot-check: The accepting party is unaware the hot-check is fraudulent but accepts the check on good faith.

What makes these fraudulent emails even more suspect is that replying to them gets you a reply with further instructions. Replying to the ‘document request’ email will prompt a reply from the fraudulent sender with a bogus link to download the ‘files’, or the email may contain a ZIP container with malicious content.

Things to look for:

  • Check the reply email address; sometimes it will be different from the assumed sender’s actual email address
  • Check for incorrect grammar, spelling, and punctuation
  • If a link is provided, hover over the link (without clicking) to show the URL the link is being directed to
  • Check for a proper email signature

Not all of these items will apply in each situation, but noticing one could make the difference between sending or downloading items from an illegitimate source.

For these suspect emails, especially the wire transfer requests, it is best to implement a policy to pick up the phone and call the person requesting the information. This is the best way to verify if the request is legitimate. These emails can even appear to come from clients with file sharing links to bogus sites to infect the user’s computer systems.

Two common email spoofing scams are the document sending/request and wire transfer fraud. Below are examples of what those emails could look like:

Example 1. Document Send/Request Fraud
From: Your CEO []
Sent: February 1, 2018 12:00 PM
Subject: [No Subject]

Did you get the document I sent you?


Your CEO


Example 2. Wire Transfer Fraud
From: Your CEO []
Sent: February 1, 2018 12:00 PM
Subject: Wire Transfer

I need you to transfer me $20,000.


Your CEO


How to protect your company?

These types of emails are notorious for making it through traditional SPAM filters. The reason they are so difficult to block is that they are sent in a way to make it appear as if they are coming from a reputable source. The filters cannot block the CEO from sending emails, even though his email address or name has been spoofed. One of the best lines of defense is educating yourself and your staff on what to do in the event that such a spoofed email is received. Show them the items to look for, such as checking the reply email address and checking any links in the email by hovering over them without clicking.

The motto I pass along, from KnowBe4, a security awareness training company, is Think Before You Click! If you are not expecting such an email from a C-level executive or client with a request for documents or a money transfer, check with them prior to taking any action. This can make the biggest difference between doing something you are requested to do versus doing something you are not supposed to do. It is better to ask for too much information than not enough in these circumstances.

Employee training programs are becoming more popular and provide training videos and documentation on what to look out for and additional measures to take to protect yourself and your company in case such an event occurs.


Always use the best judgment when dealing with these types of emails. If you receive an email requesting documents or a wire transfer and you were not expecting such an email, the best thing to do is to contact the sender directly, via phone or in person, to verify the request. Do not reply to these emails as you will receive some type of reply with further instructions.

Having traditional Anti-Virus, Anti-Spam and Anti-Malware will protect you to a certain degree. They will block any intrusions into your computer or systems unless allowed, and they will block the user from clicking on bogus URLs and being directed to malicious sites. Of course, there is the human element in play here. This will not stop an employee from sending files directly to a fraudulent request. Employees must be trained and notified of what to look out for in case of such an incident.

Implement policies within your business to plan for such an occurrence. Make sure employees know to ask for further clarification before sending or requesting additional information or documentation which could compromise the business. If a proper process is implemented, a business can look back to the policy itself to make sure it was followed properly by their staff. Employee training will go a long way to preventing such an incident from happening in the first place.

If you have any questions about what Custom Information Services can do for your business, contact us today.

Published On: March 7, 2018
Categories: Cybersecurity