What happens when you reply to a CEO impersonation email?

Today I received my first spoof CEO email. I dare say it won’t be the last one I receive with the rise in this form of cyber-attack. If you’re not familiar with them, it’s when a spammer tries to pass themselves off as a senior person in your company in order to get you to do something for them (usually a bank transfer). The hope being that you’ll not question the wishes of your boss and will push through the payment without the usual checks.

While there are many sophisticated spam filters that minimise the likelihood of this, occasionally, some emails inevitably slip through the net, like this one.

The message I received is below. This particular impersonation attempt was pretty poor to be honest, complete with a ridiculous from address and bad grammar. The only thing they did get right was the name of my boss, and I’m 100% sure that’s his name is Pete as he sits next to me and was actually sat next to me when I received this email.

I decided to reply

Rather than just mark the email as spam I wanted to find out more about the different tactics the spammer would use to try and learn more about their process.

Here is the email I sent over, hoping to make the spammer think that he had someone on the end of his line. Note the different characters in the ‘Sent’ line, another sign of a dodgy email.

This was quickly followed up by the message below. Apparently my CEO needed me to sort him out some gift cards ‘urgently to finalize a task.’ This was a new one for me as I’d always heard that CEO fraud involved a request to transfer x amount of money into an account ASAP.

Again I replied. I wanted to know more about the type of gift cards they were after. Maybe they were after some Argos vouchers so they could take care of some last minute Mother’s Day gift buying.

I got a reply from ‘Pete’ almost immediately asking for £1,000 of Steam Wallet cards in £100 denominations and I was to send him photos of the codes. Steam Wallet, for those who don’t know (myself included before today) are vouchers for video games so I assume the customers ‘Pete’ was trying to impress really needed to do some in-game purchases on Fortnite or Call of Duty ASAP hence the mad rush. Either that or I was being scammed by a 14-year boy in his bedroom.

Out of curiosity I decided to tell ‘Pete’ that I couldn’t get the vouchers he needed but I could get him something else:

Again, almost immediately I got a reply saying yes Amazon vouchers would be fine. It seems ‘Pete’ wasn’t too fussed after all about the gaming vouchers and was happy with Amazon ones, maybe his customers really needed an Alexa or an Echo and needed it in a hurry.

I waited a while and followed it up with the email below. Sadly ‘Pete’ hasn’t been in touch. I assume he got his own vouchers in the end…


Fortunately, this example above was so poorly executed by ‘Pete’ that it was an easy one to spot. But it won’t always be like this. The techniques used by spammers are getting more and more sophisticated and will catch people out more often.

There are a range of solutions and training available which can a) stop the majority of these types of emails coming through in the first instance and b) help educate users so they know what to look out for if they receive an email like this. For more information on email security please contact us.


Share on linkedin
Share on twitter
Share on facebook
Share on email
Share on print


Share on linkedin
Share on twitter
Share on facebook
Share on email
Share on print

Get your free personalised benchmark report when you take our 5-min survey and pass it on to colleagues.

Plus, you could win 1 of 5 £100 bar/restaurant vouchers.


For more information, view our privacy policy.

Hosted Apps

Virtualise any of your customers legacy / on-premise apps and host them in the cloud. Now customers can enjoy the accessibility of the cloud without having to seek out alternatives to their favourite software.

Citrix Workspace

The future of desktops. Arrange all of your customers desktops, apps and files in one simple interface. Create a digital perimeter that secures and controls all apps whether on-premise, web or SaaS.

Hosted Desktops

Enable your customer to access their desktops and files from anywhere, at any time, on any device. We can even virtualise on-premise apps for full remote connectivity to all essential business tools.