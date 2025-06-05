Targeted attacks mimic executives to steal funds

With cyberthreats to business executives on the rise, Kaspersky has detected a series of sophisticated attack attempts aimed at deceiving an organisation’s finance team into paying fraudulent invoices.

Emails mimicking correspondence between the organisation’s CEO and contractor companies were sent to the organisation’s finance department to persuade them into paying urgent “invoices” for alleged “consulting services”. These attack attempts highlight a disturbing trend of targeted schemes leveraging forged executive identities to exploit corporate trust.

The analysed attack attempts were examples of business email compromise (BEC) attacks. As a rule, such attacks are made on behalf of a management representative of a compromised firm. Importantly, in all analysed cases the senders were fake – the real addresses from where the emails came had nothing in common with the displayed sender names. These tricks were used to persuade the victims that the emails were legitimate.

Some incidents involved emails that imitated correspondence between the company’s CEO and an alleged contractor law firm, urging the financial department to pay the attached fake invoice. The fake correspondence with the CEO of a victim company was used as “proof” that the request for payment was legitimate. In this attack the name of the fictional partner company was indicated only in the name of the sender field, and a real email address was different and changed from email to email.

Other incidents featured similar emails that mimicked communications between the CEO and contractor companies to request urgent payment for a fake invoice, but this time the invoice itself was not attached.

“This attack stands out for its meticulous attention to detail and exploitation of trusted relationships,” says Anna Lazaricheva, spam analyst at Kaspersky. “By fabricating convincing email threads and impersonating high-level executives, attackers are banking on employees’ reluctance to question seemingly authentic requests. Companies must prioritise employee training and robust email verification systems to counter these evolving threats.”

In order to avoid becoming a victim of fraudulent messages and specifically business email compromise attacks, Kaspersky experts advise the following: