How do spoofed “CEO” ransom requests work?
Attackers spoof executive email addresses, sending urgent messages to finance or HR staff. Requests include: emergency wire transfers, confidential employee data, or gift card purchases. Apparent executive authority pressures quick compliance.
This is Business Email Compromise (**BEC**), not traditional **ransomware**. No encryption occurs; the attack relies entirely on **social engineering** and **impersonation**. Losses come from fraudulent transfers, not data hostage.
Defense: verification procedures for unusual requests (callback to known numbers, in-person confirmation), **DMARC** preventing **domain spoofing**, and employee training recognizing **impersonation** attempts. Financial controls limit damage.
Was this answer helpful?
Thanks for your feedback!