Skip to content
AICPA-CIMA
  • AICPA & CIMA:
  • Home
  • Engage 365 Communities
  • CPE & Learning
  • My Account
Journal of Accountancy
  • TECH & AI
    • All articles
    • Artificial Intelligence (AI)
    • Microsoft Excel
    • Information Security & Privacy

    Latest Stories

    • Drafting an AI policy that actually works
    • What AI agents mean for CPA firms
    • A guide to fighting AI-fueled AP/AR fraud

  • TAX
    • All articles
    • Corporations
    • Employee benefits
    • Individuals
    • IRS procedure

    Latest Stories

    • IRS designates certain CRAT arrangements as listed transactions
    • Eligible taxpayers to get automatic IRS penalty relief
    • IRS adds online option, details for Kwong-related refund claims
  • PRACTICE MANAGEMENT
    • All articles
    • Diversity, equity & inclusion
    • Human capital
    • Firm operations
    • Practice growth & client service

    Latest Stories

    • IRS designates certain CRAT arrangements as listed transactions
    • Eligible taxpayers to get automatic IRS penalty relief
    • Scam stoppers: 5 ways CPAs can help older clients fight financial fraud
  • FINANCIAL REPORTING
    • All articles
    • FASB reporting
    • IFRS
    • Private company reporting
    • SEC compliance and reporting

    Latest Stories

    • SEC shares 3 goals in proposed 2026–2030 strategic plan
    • SEC proposes rescission of climate disclosure rules
    • SEC proposes semiannual reporting option for public companies
  • AUDIT
    • All articles
    • Attestation
    • Audit
    • Compilation and review
    • Peer review
    • Quality Management

    Latest Stories

    • PCAOB consultation process offers new options for firms seeking guidance
    • Standardization of sustainability reporting improves, but obstacles remain
    • How to monitor a firm’s system of quality management
  • MANAGEMENT ACCOUNTING
    • All articles
    • Business planning
    • Human resources
    • Risk management
    • Strategy

    Latest Stories

    • How to handle increased enforcement of unclaimed property notices
    • Standardization of sustainability reporting improves, but obstacles remain
    •  What it takes for a CFO to lead operations and tech
  • Home
  • News
  • Magazine
  • Podcast
  • Topics
Advertisement
  1. newsletter
  2. Cpa Insider
CPA INSIDER

Don’t fall victim to the newest phishing scam

Executive impersonation exploits employees’ desire to please their superiors.

By Samiha Khanna
October 24, 2016

Please note: This item is from our archives and was published in 2016. It is provided for historical reference. The content may be out of date and links may no longer function.

Related

October 1, 2016

Keeping clients’ tax data secure

September 6, 2016

Technology risk: It’s more than cybersecurity

August 1, 2016

Controlling your data

TOPICS

  • Technology
    • Information Security & Privacy
  • Forensic Services
  • Firm Practice Management
    • Human Capital
    • Firm Operations

It might take just one crafty and well-timed email for a fraudster to breach an organization’s financial accounts. And the perpetrators don’t even need sophisticated hacking techniques to get in—they can mine crucial information from your executives’ public profiles on social media.

In a scam that fraud experts call “executive impersonation,” thieves use the internet, social media sites such as LinkedIn, and even “out-of-office” email replies to steal from businesses that use suppliers and bank accounts in foreign countries. In 2014, U.S. companies lost $179 million to these scams, according to the FBI’s Internet Crime Complaint Center.

As a new fraud report from the AICPA Forensics and Valuation Services team explains, executive impersonation exploits a value most employees possess: an eagerness to please the boss.

The fraud often involves an email to an employee responsible for wire transfers or other transactions, said David Zweighaft, CPA/CFF, managing director of DSZ Forensic Accounting & Consulting Services in New York City, and the member of the AICPA Fraud Task Force who wrote the report. Typically, the message asks the employee to wire funds somewhere—often to a foreign account to assist with an urgent, high-stakes deal.

Criminals can obtain the names of the executives and employees responsible for financial transactions from company websites or Linkedin, or even by posing as a recruiter and calling an organization to obtain a directory.

The messages they send appear authentic, as they come from fake email addresses that are nearly identical to those of high-level executives. For example, if the actual address is CEO@victimco.com, the fake address might be CEO@vicitmco.com, Zweighaft said.

“These bogus email accounts are rarely traceable because they are one-time-use accounts, often originating from an overseas server,” he said.

Advertisement

Usually, fraudsters try to create a sense of urgency in their emails.

“Often, the executive impersonator will indicate that the need for the funds is related to an acquisition or other professional services related to appraisals, due diligence, etc., in connection to an acquisition,” said Annette Stalker, CPA/CFF, owner of Stalker Forensics and chair of the AICPA Forensic and Litigation Services Committee. Sometimes, she said, the messages refer to a business deal “where timing is critical and confidentiality is key, particularly to ensure compliance with regulatory bodies.”

Typically, potential thieves will deter suspicion by asking for sums of money that are within the usual range that an executive at the company would request.

The timing of the email is crucial. Phishing messages are typically sent when the executives being impersonated are going to be out of the office and hard to reach, either because they are busy or in another time zone with different business hours.

But how would a thief know an executive’s personal schedule? Social media and email, Stalker said.

“Many executives announce speaking engagements or conferences on social media sites in a way that lets anyone view these posts on LinkedIn, Twitter, Facebook, and a number of other lesser-known sites,” she said. Automatic out-of-office replies also contain details that fraudsters can use to make their emails appear more credible, Stalker said, such as which dates an executive will be out of the country.

Fear of being impersonated shouldn’t outweigh the business advantages of using social media to announce speaking engagements, conference participation, or community events, she said. But employees should take care not to reveal information about their “authority level, ability to approve payments, and other possible hints about their job,” Stalker said. “For executives who are traveling, automated email replies should only convey the essential part of the notification (the person is unavailable and provide a name of another contact person) without revealing unnecessary elements such as whether the executive is out of the country, or the name of the city/state the executive is currently in.”

Advertisement

The best defense against fraud is awareness, training, and repetition, Zweighaft said. Circulating news reports of similar attacks on other companies will reinforce a skeptical mindset among employees, which is the first line of defense. Companies can increase the frequency of their cybersecurity training. They can also update their policies to require two employees to approve a wire request and verify the recipient’s identity. Firms may also want to hire cybersecurity consultants to identify any weaknesses in their electronic communications and transfer processes.

If you suspect there has been a breach, it’s important to take action quickly to minimize damage, Zweighaft said.

To deal with cases of executive impersonation “companies should be ready to quickly assemble a response team, including in-house counsel, the CIO and staff responsible for IT security, and outside consultants,” he said. Organizations need to quickly launch an internal investigation so that management and the board of directors have all the relevant facts, and so that law enforcement, government investigators, and insurers can be apprised of the details of the incident.

Samiha Khanna is a freelance writer based in Durham, N.C. To comment on this article, email associate editor Courtney Vien.

Advertisement

latest news

July 9, 2026

IRS designates certain CRAT arrangements as listed transactions

July 8, 2026

Eligible taxpayers to get automatic IRS penalty relief

July 7, 2026

Scam stoppers: 5 ways CPAs can help older clients fight financial fraud

July 6, 2026

IRS adds online option, details for Kwong-related refund claims

July 6, 2026

PCAOB consultation process offers new options for firms seeking guidance

Advertisement

Most Read

Self-directed IRAs: A tax compliance black hole
IRS adds online option, details for Kwong-related refund claims
Eligible taxpayers to get automatic IRS penalty relief
How to build reusable Skills in Anthropic's Claude AI
Profession Ready Initiative targets gaps in early-career CPA readiness
Advertisement

Podcast

July 9, 2026

From estate planning to AI: Managing CPA liability

July 2, 2026

The AICPA’s CEO on trust, AI, and the profession’s future

June 25, 2026

Midyear advocacy update: STEM, BOI, taxes and licensure

Features

Start in high school to strengthen the accounting profession

Start in high school to strengthen the accounting profession

Accountancy in America: Meeting the moment for 250 years

Accountancy in America: Meeting the moment for 250 years

A guide to fighting AI-fueled AP/AR fraud

A guide to fighting AI-fueled AP/AR fraud

How to handle increased enforcement of unclaimed property notices

How to handle increased enforcement of unclaimed property notices

How to tame funding volatility in not-for-profits

How to tame funding volatility in not-for-profits

What AI agents mean for CPA firms

What AI agents mean for CPA firms

FROM THIS MONTH'S ISSUE

A cool tool for customizing Windows 11

Improve Windows 11’s usability with a start-menu and taskbar replacement tool to personalize your experience. Learn how in this Tech Q&A article.

From The Tax Adviser

June 30, 2026

Condo casualty losses: Deductions for common-interest property

May 31, 2026

Trust distributions: Timing, tax, and practical considerations

May 31, 2026

Current developments in taxation of individuals: Part 3

April 30, 2026

Current developments in taxation of individuals: Part 2

MAGAZINE

July 2026

July 2026

June 2026

June 2026

May 2026

May 2026

April 2026

April 2026

March 2026

March 2026

February 2026

February 2026

January 2026

January 2026

December 2025

December 2025

November 2025

November 2025

October 2025

October 2025

September 2025

September 2025

August 2025

August 2025

view all

View All

PUSH NOTIFICATIONS

Learn about important news

This quick guide walks you through the process of enabling and troubleshooting push notifications from the JofA on your computer or phone.

CPA LETTER DAILY EMAIL

Subscribe to the daily CPA Letter

Stay on top of the biggest news affecting the profession every business day. Follow this link to your marketing preferences on aicpa-cima.com to subscribe. If you don't already have an aicpa-cima.com account, create one for free and then navigate to your marketing preferences.

Connect

  • JofA on X
  • JofA on Facebook

HOME

  • News
  • Monthly issues
  • Podcast
  • A&A Focus
  • PFP Digest
  • Academic Update
  • Topics
  • RSS feed
  • Site map

ABOUT

  • Contact us
  • Advertise
  • Submit an article
  • Editorial calendar
  • Privacy policy
  • Terms & conditions

SUBSCRIBE

  • Academic Update
  • CPE Express

AICPA & CIMA SITES

  • AICPA-CIMA.com
  • Global Engagement Center
  • Financial Management (FM)
  • The Tax Adviser
  • AICPA Insights
  • Global Career Hub
AICPA & CIMA

© 2026 Association of International Certified Professional Accountants. All rights reserved.

Reliable. Resourceful. Respected.