Network Brainiacs
Tip #8 · Social engineering

The fake CEO email.

Gift cards, wire changes, W-2 forms, payroll routing — all the classic CEO-impersonation scams. One callback habit kills every variant.

It's one of the oldest scams in the book and it still works on businesses every single week. An email arrives from "the CEO" asking for an urgent favor — gift cards, a wire, payroll changes, a W-2. It's short, it's friendly, and it comes right when the real CEO is traveling or in meetings. By the time anyone notices, the money's gone.

Why it keeps working

Authority and urgency are the two most powerful manipulation tools in security. "The CEO needs this by end of day" activates both at once — people don't want to bother leadership with a verification question, and they don't want to miss a deadline. The attacker knows this. The whole email is designed to make the verification feel rude.

The variants you'll see

"Hey, are you at your desk? I'm in a meeting and need you to buy $500 in Apple gift cards for a client gift. I'll reimburse you Monday."

Red flag: Real executives don't run gift card errands via email. Gift cards are not a business expense anyone handles this way.

"Can you update my direct deposit to this new account? My other one got compromised."

Red flag: Payroll direct deposit changes should never happen via email alone. Always require photo ID and a verbal confirmation.

"Please send me the W-2 forms for all employees — we need them for a tax review."

Red flag: A classic tax-season attack. Real reviews don't request everyone's W-2s through an email ping.

The policy that stops every version

Any financial or HR-related request from leadership — gift cards, wires, payroll changes, tax documents — gets a verbal callback, on a phone number you already have on file, before anything happens. Even if it delays the task by ten minutes. Even if the executive seems annoyed (they won't be — they'll be relieved).

Write it down and share it.

A two-sentence policy — pinned to the wall, signed during onboarding — stops nearly every CEO fraud email. We can send you a template.

Do this today
  1. Create a two-sentence policy: no financial or HR request from leadership gets actioned without a verbal callback.
  2. Make it explicit that "I'm in a meeting" is never a reason to skip verification — it's a reason to pause.
  3. Train everyone in finance, HR, and executive assistant roles on the policy.
  4. Set up a channel (Slack, Teams) where staff can quickly ask "did you send this?" without feeling awkward.
  5. Report attempted CEO fraud emails to threats@networkbrainiacs.com so we can share patterns with other clients.

Want help securing your business?

Schedule a quick security review with our team. 15 minutes, no sales pressure — walk away knowing exactly where your gaps are.
