How do spoofed “CEO” ransom requests work?
Attackers spoof executive email addresses and send urgent messages to finance or HR staff. Requests include emergency wire transfers, confidential employee data, or gift card purchases. The apparent authority of an executive pressures staff into quick compliance.
This is Business Email Compromise (BEC), not traditional ransomware. No encryption occurs; the attack relies entirely on social engineering and impersonation. Losses come from fraudulent transfers, not from data held hostage.
Defense: verification procedures for unusual requests (callback to known numbers, in-person confirmation), DMARC to prevent domain spoofing, and employee training to recognize impersonation attempts. Financial controls limit the damage.
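The following is an added example, not part of the original answer: a mail triage check that routes suspicious "executive" requests to manual verification and shows why DMARC alone is not enough, since a message from a lookalike domain can pass DMARC. The organisation domain, executive names, request terms and sample messages are assumptions, and the `Authentication-Results` header is assumed to come from your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; replace with your own domain, names and terms.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
REQUEST_TERMS = ("wire transfer", "gift card", "employee data")

def dmarc_result(msg):
    """DMARC verdict from Authentication-Results (trust only your own MTA's header)."""
    for header in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bdmarc=(\w+)", header, re.I)
        if m:
            return m.group(1).lower()
    return None

def ceo_fraud_flags(raw):
    """Return the list of reasons a raw message should go to manual verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Exact-domain spoofing: claims our domain but did not pass DMARC.
    if domain == ORG_DOMAIN and dmarc_result(msg) != "pass":
        flags.append("own-domain sender without DMARC pass")
    # Impersonation DMARC cannot stop: executive name on someone else's domain.
    if name.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        flags.append("executive display name on external address")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    hits = [t for t in REQUEST_TERMS if t in text]
    if hits:
        flags.append("request type: " + ", ".join(hits))
    return flags

def sample(auth, sender, subject, body):
    """Build a constructed single-part test message."""
    return (f"Authentication-Results: mx.example.com; {auth}\n"
            f"From: {sender}\nTo: finance@example.com\nSubject: {subject}\n\n{body}\n")

# Constructed sample messages, not real traffic.
SPOOFED = sample("dmarc=fail header.from=example.com", "Jane Doe <jane.doe@example.com>",
                 "Urgent", "I need a wire transfer sent today.")
LOOKALIKE = sample("dmarc=pass header.from=example.net", "Jane Doe <ceo@example.net>",
                   "Quick favor", "Please buy gift cards for a client today.")
LEGIT = sample("dmarc=pass header.from=example.com", "Jane Doe <jane.doe@example.com>",
               "Board agenda", "Agenda attached for Thursday.")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, ceo_fraud_flags(raw))
```

Any non-empty result is a reason to apply the callback or in-person verification step before acting on the request.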