A business, be careful not to make unknowingly any payments to a fraudster

In CEO fraud, fraudsters try to impersonate a company's executive by email and make account transfers. The address of the email sender may look like the same as, for instance, that of the company’s CEO but the sender’s address has actually been falsified. The messages are usually short in an attempt to create the impression that payment must be made without delay. In most cases, such payment is requested to be made abroad and the message may also enquire about your bank account balance before requesting money transfers. The message may also be typed in good Finnish.

Example of phishing:


Can we pay EUR xxxxx.xx this morning?


Give instructions to your personnel in advance!

  • Educate your employees and advise them to be very accurate in making payments.
  • It is advisable to examine the company's contractual partners inhouse so that the employees know with whom they are doing transactions. Also agree on who the person is in your company that accepts new agreements and orders.
  • Agree in advance on and regularly review in your company the payment acceptance processes in various situations.
  • Scrutinise with your payment processing employees any possible CEO fraud situations and prepare for them.
  • If your company uses protective or preventative actions in the case of email scams educate your employees in this respect.
    • For example, what does it mean if the email subject line has “SPF Fail”, “SPF Softfail etc. (Sender Policy Framework)

  • If any of your staff member receives a weird email message from your company’s management requesting to transfer money or disclose information, tell them that the information and the legitimacy of the request will be verified by making a phone call. The information must be verified by other means than by the contact information shown in the phishing email message.

  • If a staff member receives an email message that seems weird, you click on the button reply to test it and check the recipient’s email address. In many cases, the phishing email message sender has been managed to be edited and the recipient’s address also looks correct but when you try to reply to the message, you will find a gmail or hotmail ending, for example. However, you should never reply to phishing email.

  • Do not agree on anything over the phone if you are not sure of the identity of the person with whom you are speaking. Ask for more information by email in writing.

  • Your company should also go through other topical fraud that concerns your company, such as Office365-fraud where fraudsters try to have access to a company’s email traffic and manipulate payment data forwarded in the messages. In this type of fraud, the fraudster accesses the email traffic through a deciphered user account and change requests for payment details come from a valid email address.

  • What to do if fraud or attempted fraud has occurred:
  • If the fraudster has succeeded in convincing you the attempt for a payment order, immediately call the bank service line at
  • 0100 05151 (Mon–Fri 8.00–22.00)
  • 0100 0500 (Sat 10.00–16.00)
  • Contact your payment services manager even if the fraud only remains an attempt!
  • If fraudsters have registered a domain that violates your company’s trademark, report it to the Finnish Communications Regulatory Authority, cert(at)ficora.fi
  • File a request for investigation with the local police.
  • Forward the phishing email message you have received to tietoturvailmoitukset(a)op.fi