CEO FRAUD PLAYBOOK: Year-end targeting
How fraudsters exploit year-end urgency to steal thousands through CEO impersonation, and the simple 2-minute rule that stops them.
Last week, a nonprofit finance director wired $47,000 to a fraudster.
The email looked exactly like it came from her executive director. Urgent. Confidential. "We need to close this before year-end."
She's not naive. She's experienced. And she's far from alone.
CEO impersonation accounts for 39% of all business email compromise attacks. The average loss? $120,000 per incident.
Here's the uncomfortable truth: 83% of that money is never recovered.
Year-end is hunting season for these fraudsters. Budgets are closing. People are distracted. Urgency is everywhere.
They know this.
The 2-Minute verification rule
Before sending any payment over $1,000 that's requested via email, wait two minutes and verify through a separate channel.
Not a reply email. Not a forwarded thread.
Pick up the phone. Send a Slack. Walk to their office.
Two minutes can save you six figures.
The scam works because it hijacks your instinct to be responsive. To move fast. To help your boss.
Slow down.
The real CEO will never be upset that you verified. The fake one is counting on you not to.
Your one action today
Text your finance team this: "For any wire request over $1K, call me to confirm. Always."
That's it. One message. One new habit.
The holidays are coming. The fraudsters are already at work.
Don't make their job easy.