Executive Impersonation Attacks

Executive impersonation is a type of business email compromise (BEC) attack where a bad actor, impersonating a company executive, asks another employee to take an action that is harmful to the organization. Examples include the CEO-to-CFO scam, where fraudsters impersonate the CEO of a company in an attempt to get the CFO or other financial executive to transfer money, and the W-2 scam, where fraudsters impersonate an executive in order to get an employee to send them tax records for company staff.

Why it matters

To execute these attacks, bad actors typically spoof the visible ‘From’ field in an email header to match the email address of a trusted executive. With no reliable way to validate that the email is from the executive, the receiver assumes it is a valid message.

Having gained the trust of the recipient, the fraudster may successfully extract one or more of the following:

  • Access — passwords for future malicious activity
  • Information — valued data such as PII or W-2s to be used for identity theft
  • Money — funds belonging to target entity

However, executive impersonation attacks sent in your domain name can be stopped. These same-domain name attacks, which account for two thirds of all email attacks, will never be successful if your company has adopted DMARC-based email authentication.