Red Hot Cyber
CEO Scam: How to Protect Your Company from Business Email Compromise

Redazione RHC : 28 November 2025 19:39

This morning, Paragon Sec was contacted by an Italian company that had been the victim of a new fraud attempt known as the CEO Scam. The accounting department received an urgent email, apparently from their CEO, requesting immediate payment of a €4,000 invoice.

The message, accompanied by a seemingly authentic invoice, indicated the need for an immediate transfer. The employee in charge of payments, believing he was following a direct order from his manager, made the transfer without further verification.

Only later did the bank discover that the IBAN indicated was associated with a fraudulent entity and promptly blocked the transaction, preventing financial losses. This case confirms how these campaigns are becoming increasingly frequent, sophisticated, and targeted at Italian companies.

Document circulated within the scam email (source: Paragon Sec)

What is the CEO Scam?

CEO Scam, known internationally as Business Email Compromise, is a social engineering technique in which criminals impersonate a senior company executive, typically the Chief Executive Officer or Chief Financial Officer.

Using believably crafted emails, scammers trick a trusted employee, often the person who processes payments, into making urgent, seemingly legitimate money transfers.

The strength of this attack is not technology, but psychological manipulation: urgency, authority, and confidentiality are exploited to push the victim into acting without thinking.

An email containing a scam invoice was sent to a purchasing manager at a company (source: Paragon Sec)

How to defend yourself

To combat CEO Fraud, it is essential to adopt clear internal procedures and train employees to recognize suspicious signs.
Among the most effective measures are:

  • Always carefully check the sender’s email address.
  • Pay attention to changes in communication style, mistakes, or unusual requests.
  • Be wary of messages that demand secrecy, urgency, or bypass standard procedures.
  • Contact the manager involved directly through an alternative channel to confirm the request.
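The first three checks in the list above can be partly automated at the mail gateway or in a SOC triage script. The following is an added example (not code from the article or from Paragon Sec) that scores an inbound message for the indicators the article describes: an executive's display name on an external or look-alike domain, a Reply-To that diverts answers elsewhere, pressure language (urgency, secrecy), and a payment request carrying an IBAN. The organisation domain, executive names, phrase list and both sample messages are constructed assumptions.

```python
"""Heuristic triage of an inbound email for CEO-fraud / BEC indicators.

Added example, not from the Red Hot Cyber article or Paragon Sec. The
organisation domain, executive names, phrase list and sample messages
below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed: the organisation's own mail domain and the executives whose
# names a scammer is most likely to borrow for a display-name spoof.
ORG_DOMAIN = "example-company.it"
EXECUTIVES = {"mario rossi": "CEO", "anna bianchi": "CFO"}

# Levers the article cites: urgency, secrecy, authority.
PRESSURE_PHRASES = [
    "confidential", "do not discuss", "immediately", "urgent",
    "as soon as possible", "keep this between us",
]
PAYMENT_PATTERN = re.compile(r"\b(transfer|payment|invoice|iban|wire)\b", re.I)
# Country code, two check digits, 11-30 alphanumerics (ISO 13616 shape).
IBAN_PATTERN = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")


def _normalise_domain(domain: str) -> str:
    """Collapse punctuation and common digit-for-letter swaps so that
    'example-c0mpany.it' compares equal to 'example-company.it'."""
    collapsed = re.sub(r"[^a-z0-9]", "", domain.lower())
    return collapsed.translate(str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"}))


def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC indicators found in an RFC 5322 message string."""
    msg = message_from_string(raw_message)
    indicators: list[str] = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    _, reply_to = parseaddr(msg.get("Reply-To", ""))

    # 1. A known executive's display name on an address outside our domain.
    if display_name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        indicators.append(f"executive display name on external domain {from_domain}")

    # 2. Look-alike domain that visually imitates ours.
    if from_domain != ORG_DOMAIN and _normalise_domain(from_domain) == _normalise_domain(ORG_DOMAIN):
        indicators.append(f"look-alike domain {from_domain}")

    # 3. Reply-To diverts the answer away from the apparent sender.
    if reply_to and reply_to.lower() != from_addr.lower():
        indicators.append(f"reply-to mismatch ({reply_to})")

    # 4. Content: pressure language, a payment request, an IBAN in the body.
    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    found = [p for p in PRESSURE_PHRASES if p in text]
    if found:
        indicators.append("pressure language: " + ", ".join(found))
    if PAYMENT_PATTERN.search(body):
        indicators.append("payment request in body")
    if IBAN_PATTERN.search(body):
        indicators.append("IBAN supplied in email body")
    return indicators


def risk_level(indicators: list[str]) -> str:
    """Coarse banding: three or more indicators warrants a hold and a call-back."""
    if len(indicators) >= 3:
        return "high"
    return "medium" if indicators else "low"


# Constructed message modelled on the case in the article (IBAN is a placeholder).
SCAM_SAMPLE = """From: Mario Rossi <mario.rossi@example-c0mpany.it>
Reply-To: m.rossi.ceo@webmail-example.net
To: accounting@example-company.it
Subject: Urgent invoice

Please arrange the transfer of EUR 4,000 immediately to IBAN IT00X0000000000000000000001.
This is confidential, do not discuss with others. I am in a meeting all day.
"""

# Constructed benign internal message for comparison.
BENIGN_SAMPLE = """From: Anna Bianchi <anna.bianchi@example-company.it>
To: accounting@example-company.it
Subject: Q3 closing meeting

Reminder that the closing meeting is on Thursday at 10. Agenda attached.
"""

if __name__ == "__main__":
    for name, sample in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        hits = bec_indicators(sample)
        print(name, risk_level(hits), hits)
```

A "high" result is a trigger for the fourth measure in the list, not a verdict: the message is held and the named executive is contacted through a channel the email did not supply (a known phone number, not the Reply-To address).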

What this episode teaches us

This case demonstrates how attacks don’t just target technology, but above all human behavior. The main vulnerability lies in trust, psychological pressure, and the lack of cross-checking.

Prevention requires ongoing training, awareness, and the adoption of corporate processes that allow employees to pause, question, and verify before performing any unusual financial transactions.
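The "pause, question, and verify" process can be encoded so that a transfer is physically impossible to release until the checks have happened. The following is an added example (not the article's or Paragon Sec's code) of such a control: a payment request is held unless the beneficiary IBAN matches the vendor master record, the requester has confirmed it on a channel different from the one the request arrived on, and, above a threshold, two approvers other than the requester have signed off. The data classes, vendor records, threshold and both sample requests are assumptions.

```python
"""Release control for outgoing payments (added example, not from the article).

The vendor master, threshold and sample requests are constructed assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class PaymentRequest:
    requester: str                  # role of the person who asked, e.g. "ceo"
    vendor: str                     # beneficiary name as given in the request
    iban: str                       # beneficiary IBAN as given in the request
    amount_eur: float
    request_channel: str            # "email", "phone", "ticket", ...
    # (person, channel) pairs recorded when someone confirmed the request
    confirmations: list[tuple[str, str]] = field(default_factory=list)
    approvers: list[str] = field(default_factory=list)


# Assumed vendor master: beneficiary name -> IBAN on file (constructed value).
VENDOR_MASTER = {"acme supplies": "IT00X0000000000000000000001"}
DUAL_APPROVAL_THRESHOLD_EUR = 1000.0


def _clean_iban(iban: str) -> str:
    return iban.replace(" ", "").upper()


def evaluate_payment(req: PaymentRequest) -> tuple[str, list[str]]:
    """Return ("release", []) or ("hold", reasons); every failed control is listed."""
    reasons: list[str] = []

    # Control 1: the beneficiary must be a known vendor with the IBAN on file.
    on_file = VENDOR_MASTER.get(req.vendor.lower())
    if on_file is None:
        reasons.append("beneficiary not in vendor master")
    elif on_file != _clean_iban(req.iban):
        reasons.append("IBAN differs from vendor master record")

    # Control 2: out-of-band confirmation from the requester on another channel.
    confirmed = any(
        person == req.requester and channel != req.request_channel
        for person, channel in req.confirmations
    )
    if not confirmed:
        reasons.append(f"no confirmation from {req.requester} outside the {req.request_channel} channel")

    # Control 3: dual approval above the threshold, requester excluded.
    if req.amount_eur >= DUAL_APPROVAL_THRESHOLD_EUR:
        independent = set(req.approvers) - {req.requester}
        if len(independent) < 2:
            reasons.append("two approvers other than the requester required above threshold")

    return ("hold" if reasons else "release"), reasons


# Constructed request mirroring the article's case: new beneficiary, email only.
SCAM_REQUEST = PaymentRequest(
    requester="ceo", vendor="New Consulting Srl",
    iban="IT00 X000 0000 0000 0000 0000 002", amount_eur=4000.0,
    request_channel="email",
)

# Constructed legitimate request: known vendor, confirmed by phone, two approvers.
LEGIT_REQUEST = PaymentRequest(
    requester="ceo", vendor="ACME Supplies",
    iban="IT00 X000 0000 0000 0000 0000 001", amount_eur=4000.0,
    request_channel="email",
    confirmations=[("ceo", "phone")],
    approvers=["cfo", "controller"],
)

if __name__ == "__main__":
    for label, req in (("scam", SCAM_REQUEST), ("legit", LEGIT_REQUEST)):
        print(label, evaluate_payment(req))
```

The point of the design is that the email itself never counts as confirmation: the request channel is recorded and a confirmation on that same channel is ignored, so a scammer who controls the mailbox thread cannot "confirm" their own request.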

The CEO scam, once again, proves to be one of the most insidious threats to Italian companies.

How the CEO Scam Works

The CEO Scam begins with an information gathering phase, which criminals carry out using OSINT techniques and web scraping of platforms like LinkedIn. Here, they reconstruct the company’s organizational chart, identify the CEO, CFO, and key figures in the administrative department, and observe habits, roles, and internal relationships. They also analyze data from old dark web collections, which contain email addresses, compromised conversations, and naming patterns useful for faithfully imitating the company’s internal communications.

Once they have this information, the attackers isolate the two central figures in their scheme: the manager they want to impersonate and the most vulnerable employee, usually the person in charge of bank transfers or payments. Using social networks, public archives, and data leaked from previous breaches, they reconstruct procedures, schedules, responsibilities, and personal details. This allows them to understand when the manager might be unavailable and under what conditions the employee would be more likely to execute an urgent order without verification.

In the final stage, attackers craft and send the fraudulent email, exploiting the language, signature, and style of the real executive. The message contains an urgent request for payment, often accompanied by language such as “confidential,” “do not discuss with others,” or “must be done immediately.”

At that point, the success of the scam no longer depends on the technology, but on the psychological pressure exerted on the victim, who believes he or she is following a legitimate order from above.

The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.