CEO fraud, sometimes called director impersonation or business email compromise, targets the people in your business who can move money. A criminal pretends to be a director or senior figure and instructs a member of staff to make an urgent, often confidential, payment.
How it works
- An email or message appears to come from a director, sometimes from a spoofed or compromised account.
- It asks for an urgent payment or a change to supplier or lender bank details.
- It stresses secrecy and speed, discouraging the usual checks.
- It may reference a real deal or relationship to seem genuine.
How to defend against it
- Agree a rule that any payment request or change to bank details is verified in person or by a known phone number, never by replying to the message.
- Be suspicious of urgency and secrecy. Genuine requests can withstand a quick check.
- Make sure finance staff feel able to question a request, even one that appears to come from the top.
Where we fit in
If a request claims to relate to your loan with us, confirm it against your portal and contact us through a verified channel before acting. We will never pressure your staff into a secret or rushed payment, and our genuine repayment arrangements are visible in your account.
See also: Who can authorise payment changes on my company's account?, Spotting fake invoices and payment redirection fraud and Can a non-UK company or overseas director apply?.