CEO fraud remains a perennial issue for SMEs

CEO fraud continues to be one of the fraud methods most frequently reported to the BACS: the number of reported cases rose from 719 in 2024 to 971 last year. Last week, the BACS again received reports showing that the perpetrators are constantly refining their scams. They no longer rely exclusively on fake emails, but also on psychological manipulation and artificial intelligence. This week's review looks at how you can recognize the subtle warning signals in everyday working life.

Above all, feigned urgency is what lets fraudsters succeed with the CEO scam. (Photo: Depositphotos/LDProd)

In the hectic pace of everyday business life, emails from superiors often set the pace for priorities. When management issues an instruction, it is usually carried out quickly and without much questioning. It is precisely this reflex that cyber criminals exploit in CEO fraud. The attacks often occur in waves and affect SMEs or associations of all sizes. The fraudsters mainly use data from public sources. Companies, associations or municipalities that publish information about their employees or their team on their website or in social media are therefore the main targets.

It all starts with research

Unlike phishing emails sent en masse, the perpetrators of CEO fraud prepare themselves. They search social networks such as LinkedIn, the company website and the commercial register to analyze hierarchies, responsibilities and absences. They know exactly who in the accounting department has access to the accounts and who in the management is authorized to issue instructions. The typical scenario that is repeatedly reported to BACS is as follows: An employee in the finance department receives an e-mail that appears to come from the CEO. The sender's name is correct and the e-mail address also seems trustworthy at first glance. Only at second glance do discrepancies become apparent. Fraudsters often use «typosquatting» domains, i.e. domains that differ from the real one by a minimal spelling change.

Authority meets time pressure

In the message, a scenario is usually constructed that is formulated as a «request» and requires haste. Popular pretexts are:

  • An urgent payment to a foreign supplier, usually followed by a question about the outstanding or current account balance;
  • The purchase of gift cards or vouchers for partners, which must be completed immediately.

The perpetrators build up psychological pressure. Phrases such as «I rely on your discretion», «I am incredibly grateful» or «Make the payment immediately» are intended to prevent the employee from complying with the usual security requirements or asking questions.

New variant via WhatsApp and with AI

CEO fraud does not only take place via email, however. Fraud attempts are now also being made via WhatsApp or telephone. One worrying development here is the increasing use of artificial intelligence (AI). Criminals are using AI tools to imitate the writing style of real superiors - including typical greetings or phrases. As a recently publicized case in the canton of Schwyz showed, in which a company lost several million francs, deepfake audio calls or voice messages are also increasingly being used. The voice of the boss or a business partner is deceptively imitated by artificial intelligence, and video conferences manipulated using artificial intelligence have also been observed. However, these appear to be too complex for the fraudsters to implement. They are probably still trial balloons. The attackers are concentrating more on the telephone variant and voice cloning.

Law firms again and again

The BACS also repeatedly receives reports that contact is being made via lawyers. The names of existing law firms based in Switzerland are misused to create trust among the victims. In this case, the alleged superior asks the victim whether a specific lawyer has already contacted them about a confidential matter or an urgent mandate. This mention of a third party is intended to build up additional respectability and legal pressure. In addition, the victims are not as familiar with the lawyer's characteristics and habits as they are with those of their boss or their own employees. The fraudsters therefore do not have to go to such great lengths to imitate the person. As a rule, the fraudsters then pretend to be the lawyer in question in order to demand an urgent foreign bank transfer under the pretext of utmost secrecy.

Recommendations

The BACS advises companies to set up technical and organizational barriers:

  • Four-eyes principle: For payments and changes to master data (e.g. a supplier's new IBAN), a collective signature or approval by a second person is essential.
  • Verification via a second channel: If you receive a request for payment by e-mail - especially if it is «urgent» or «secret» - call the person who supposedly issued the instruction. Do not use the number in the e-mail, but the number you already know.
  • No exceptions: Clearly agree that security processes must not be circumvented, even (and especially) in the case of instructions from the boardroom. Healthy skepticism should be seen as a strength in the corporate culture, not as disobedience.
  • Marking of external e-mails: Configure your e-mail server so that e-mails from external senders are clearly marked in the subject or body (e.g. «EXTERNAL»). This makes it immediately obvious if an e-mail is supposedly from the internal CEO but was actually sent from an external address.
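The two technical checks the article describes, spotting a «typosquatting» sender domain (see the section on research above) and marking mail from external senders, can be combined in a small gateway-style filter. The script below is an added example and is not BACS's code or a recommendation of a specific product; the company domain `example-ag.ch`, the trusted partner domains, the executive name and the sample messages are all constructed for the demonstration.

```python
# Added example (not from BACS): a mail-gateway style check that
#  (1) tags every message whose sender domain is not one of our own as [EXTERNAL],
#  (2) flags sender domains that look like a typosquatted variant of a domain we trust
#      (homoglyph substitution such as rn->m, 0->o, 1->l, or an edit distance of <= 2), and
#  (3) flags a display name that matches an executive but arrives from outside.
# All domains, names and sample messages are constructed; adapt the sets to your own data.

from dataclasses import dataclass
from email.utils import parseaddr
from typing import Optional

INTERNAL_DOMAINS = {"example-ag.ch"}                                   # constructed: our own domain(s)
TRUSTED_DOMAINS = {"example-ag.ch", "supplier-gmbh.ch", "kanzlei-muster.ch"}  # constructed partners
EXECUTIVE_NAMES = {"anna muster"}                                      # constructed: names worth protecting
MAX_EDIT_DISTANCE = 2                                                  # assumption: tolerance for lookalikes


def normalise(domain: str) -> str:
    """Collapse common visual substitutions so that 'exarnple' compares equal to 'example'."""
    d = domain.lower()
    for look, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        d = d.replace(look, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    external: bool                 # sender is not one of our own domains
    lookalike_of: Optional[str]    # trusted domain this sender domain imitates, if any
    name_spoof: bool               # executive display name used from an external address
    subject: str                   # subject as it would be delivered, with tag if external


def analyse(from_header: str, subject: str) -> Verdict:
    """Evaluate one From: header plus subject and return the gateway's verdict."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    external = domain not in INTERNAL_DOMAINS

    lookalike = None
    if domain and domain not in TRUSTED_DOMAINS:
        for known in sorted(TRUSTED_DOMAINS):
            if normalise(domain) == normalise(known) or edit_distance(domain, known) <= MAX_EDIT_DISTANCE:
                lookalike = known
                break

    name_spoof = external and name.strip().lower() in EXECUTIVE_NAMES
    tagged = f"[EXTERNAL] {subject}" if external else subject
    return Verdict(external, lookalike, name_spoof, tagged)


# Constructed sample messages, in the shape of the scenarios the article describes.
SAMPLE_MESSAGES = [
    ("Anna Muster <anna.muster@example-ag.ch>", "Invoice approval"),        # genuine internal mail
    ("Anna Muster <anna.muster@exarnple-ag.ch>", "Urgent payment - discreet"),  # rn/m typosquat
    ("Anna Muster <ceo.office@mail-example.test>", "Are you at your desk?"),  # name spoof, unrelated domain
    ("Buchhaltung <invoices@supplier-gmbh.ch>", "Invoice 4711"),            # trusted partner, external
]

if __name__ == "__main__":
    for sender, subject in SAMPLE_MESSAGES:
        v = analyse(sender, subject)
        flags = []
        if v.lookalike_of:
            flags.append(f"LOOKALIKE of {v.lookalike_of}")
        if v.name_spoof:
            flags.append("EXECUTIVE NAME FROM OUTSIDE")
        print(f"{sender:48} -> {v.subject!r} {' '.join(flags)}")
```

Running the script prints one line per sample message; the typosquatted and the name-spoofed messages receive the [EXTERNAL] tag and an extra flag, the genuine internal mail passes untouched, and the partner's mail is tagged external without further flags. A real gateway would hold or quarantine flagged messages rather than just print, and the distance threshold should be tuned against your own domain list to keep false positives on short domains low.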

Source: BACS
