Supposedly urgent payment request from the boss or CEO. Typically, the boss or CEO cannot be reached by telephone for further information.
This type of scam targets companies, organisations and other institutions. What these scams all have in common is that information about the organisation being targeted is easy to obtain. Many businesses and organisations publish information on their staff, including names, roles and email addresses, on their websites or social media. This makes it easy for scammers to identify who are the key players in financial processes.
Using this information, the scammers create a scenario for their attack. The scam usually involves a fraudulent email sent to administrative staff, pretending to be from a senior executive. The scammers use a convincing story to trick their target into making urgent payments or buying gift cards. Do not send any money or purchase gift cards without first verifying the request.
Specific measures
Preventive measures
How the NCSC can help
Further Information
- Do not transfer money or buy gift cards without checking first.
- In the case of unusual requests, verify the accuracy of the order by calling or speaking to the customer in person - not by replying to the email in which the unusual request was made.
- If you have made a payment, contact the bank you used immediately. They may be able to stop the payment.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website.
- Raise awareness of CEO fraud among the managers in your organisation.
- In particular, new employees should be informed about the possibility of such attacks. Scammers often specifically target new hires.
- Only publish email addresses on your website if absolutely necessary.
- Do not make any internal information public.
- Be careful when handling unusual payment requests.
- All processes relating to payment transactions should be clearly regulated within the company.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
- If an IBAN has been misused for fraudulent purposes, the NCSC can report this to the law enforcement authorities.
Last modification 09.12.2021
