CEO fraud occurs when social engineers impersonate company executives and manipulate other employees to transfer unauthorized finances or information. According to the FBI, since January 2015, there has been a 270 % increase in identified victims of CEO scams, and $2.3 billion lost to CEO fraud.

Some examples of CEO fraud attack are as follows:

Cybercriminals make phishing attacks to an executive and gain access to their inbox, or email employees from a look-alike domain name that is one or two letters off from the target company's true domain name. Different from traditional phishing attacks, spoofed emails used in CEO fraud are rarely spam messages since in CEO fraud attacks, social engineers take the time to understand the target organization's relationships, activities, interests, and travel, and/or purchasing plans, and craft their email messages accordingly. They collect employee email addresses and other information from the target's website to help make the messages more convincing. Once cybercriminals have compromised the inboxes of their targets, they search email correspondence by filtering words that might tell whether the company routinely deals with wire transfers such as invoice, deposit, or president. The FBI evaluated that organizations victimized by social engineers using CEO fraud attacks lose on average between $25,000 and $75,000. However, some CEO fraud incidents have cost millions of dollars.