How to Tell If Your Email Is Actually From the CEO (or Just a Guy Named Steve)

Uh oh…

It’s 10:32am. You’ve just made a cup of tea. Your inbox pings.

Subject: Need a quick favour.

It’s from your CEO. Or… is it?

You open the email:

Hey, can you run out and grab 8 iTunes gift cards? Just scratch off the codes and email them back. Need these for an urgent client gift.

And just like that, you’re either suspicious, or about to lose money.


The Classic “CEO Email” Scam

It’s one of the oldest and most successful social engineering attacks out there:

  • The attacker poses as a senior leader
  • Sends a short, urgent message
  • Asks for something just believable enough to slip past doubt

It works because it leans into hierarchy, pressure, and your desire to be helpful.

How Attackers Make Emails Look Legit

Cybercriminals are lazy and clever. They don’t need to hack your CEO’s account. They just:

  • Register a lookalike email (like ceo@companny.com)
  • Use your actual CEO’s name as the display name
  • Send a short, urgent message

Display Name Spoofing: The Lazy Hacker’s Trick

Most email clients (especially mobile ones) show only the display name, not the actual email address.

So when you see:

From: "John Taylor" <stevefromtoronto@gmail.com>

Your brain registers “John Taylor” and skips over the rest.

Domain Spoofing: One Letter Away from Disaster

Attackers register domains like:

  • midgard-it.co.uk instead of midgardit.co.uk
  • rnicrosoft.com instead of microsoft.com

These are lookalike (sometimes called "cousin") domains. The rn-for-m swap is a homoglyph trick, and a missing hyphen or doubled letter is a typosquat; both fool sharp eyes. Worse, because the attacker genuinely owns the lookalike domain, it can pass SPF and DKIM checks perfectly well: those checks only prove the mail came from the domain it claims, not that the domain is yours.
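As an added example (not code from the original post), here is a small Python check that does what the two sections above describe: pull the real address out of a From header, flag an executive's display name on an external address, and flag a lookalike of the company domain, whether by a confusable character swap or by a one- or two-letter typo. The company domain, the executive names and the sample headers are hypothetical placeholders.

```python
"""Sender checks for CEO-fraud mail: display-name spoofing and lookalike domains.

Added example, not code from the original post. The company domain, the
executive names and the sample headers below are hypothetical placeholders.
"""
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "midgardit.co.uk"            # hypothetical: your real mail domain
EXECUTIVES = {"john taylor", "jane smith"}    # hypothetical: names attackers will borrow

# Character pairs that look alike in most fonts; attackers swap them when
# registering lookalike domains (rnicrosoft.com for microsoft.com).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def skeleton(domain: str) -> str:
    """Reduce a domain to a confusable-insensitive form: rnicrosoft.com -> microsoftcom."""
    d = domain.lower()
    for lookalike, real in CONFUSABLES:
        d = d.replace(lookalike, real)
    return re.sub(r"[-.]", "", d)   # midgard-it.co.uk and midgardit.co.uk collapse together


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one-letter typosquats such as companny.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, company: str = COMPANY_DOMAIN) -> bool:
    """True if domain is not the company domain but could be mistaken for it."""
    domain = domain.lower()
    if domain == company:
        return False
    return skeleton(domain) == skeleton(company) or edit_distance(domain, company) <= 2


def check_from(header: str, company: str = COMPANY_DOMAIN, execs=EXECUTIVES) -> list:
    """Return findings for a raw From: header value; an empty list means nothing flagged."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["unparseable From header: " + header]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain == company:
        return []                      # genuine internal sender (SPF/DKIM/DMARC guard this case)
    findings = []
    if is_lookalike(domain, company):
        findings.append(f"lookalike domain {domain} resembles {company}")
    if name.strip().lower() in execs:
        findings.append(f"display name '{name}' is an executive but the address is external: {addr}")
    if re.search("@" + re.escape(company), name.lower()):
        findings.append("display name contains a company address to disguise the real sender: " + addr)
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    for h in ['"John Taylor" <stevefromtoronto@gmail.com>',
              'John Taylor <john.taylor@midgardit.co.uk>',
              '"John Taylor" <john.taylor@midgard-it.co.uk>',
              '"john.taylor@midgardit.co.uk" <steve@gmail.com>']:
        print(h, "->", check_from(h) or "ok")
```

The third check catches a trick the section above does not mention: putting a real company address inside the display name, so the mobile client shows `john.taylor@midgardit.co.uk` while the mail actually came from a webmail account. The edit-distance threshold of 2 is deliberately loose; in production you would keep a list of legitimate partner domains so short, unrelated domains are not flagged.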

Urgency, Guilt, and Fear: The Trifecta of Phishing

These emails usually hit one of three emotional triggers:

  1. Urgency: "I need this right now."
  2. Guilt: "I'm counting on you for this."
  3. Fear: "Don't make me escalate this."

It’s like emotional blackmail… just with email headers.

Real Examples of Fake CEO Emails

“Please wire £14,870 to this supplier. We’re late on payment. Use the account below.”
“I’m in a meeting, can’t talk. Can you handle this right away?”
“I forgot my login, can you send me your password so I can access the dashboard?”

Spoiler: The CEO is not in a meeting. Also, they know their own password.

Why These Attacks Work (Even on Smart People)

  • The email is short, so there is little to scrutinise
  • You don't want to say no to the boss
  • Your phone's mail app hides the real sender address
  • You're distracted and rushing

It's not stupidity… it's psychology.

The Impact of Falling for a Phony CEO Email

  • Stolen funds (via bank transfers or gift cards)
  • Compromised logins (if you reply with credentials)
  • Damaged trust (internally and with clients)
  • Public embarrassment (nobody wants to be the person who got phished by Steve)

How to Spot the Fakes Before You Click

  • Check the actual email address, not just the display name
  • Be suspicious of vague openers like "I need a favour"
  • Look for odd spellings, unusual sign-offs or tone shifts
  • Ask yourself: would they really ask this over email?

Simple Rules That Will Save You Thousands

  1. Never act on money or password requests from email alone
  2. Verify requests by phone or Teams, using a number or contact you already have (never one given in the email)
  3. Don’t rush. Slow down. Re-read.
  4. Report suspicious messages to IT immediately

How We Stop This Stuff Before It Reaches Your Inbox

We:

  • Filter lookalike domains and suspicious senders
  • Publish SPF, DKIM and DMARC for your domain so receiving servers can reject mail that forges your exact address (these do not stop a lookalike domain the attacker legitimately owns; that is what the filtering and training are for)
  • Run phishing simulations for staff
  • Monitor inbox activity for anomalies

And if someone does click? We have containment and rollback tools to minimise damage.
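As an added example (not the firm's tooling, nor code from the original post), here is a Python audit of SPF and DMARC TXT records for the settings that let an impersonator forge your exact domain; it is the kind of check the FAQ below refers to. The records are constructed samples for a hypothetical domain; on a real domain you would fetch them with `dig +short TXT example.com` and `dig +short TXT _dmarc.example.com` and pass the strings in.

```python
"""Audit SPF and DMARC records for settings that let spoofed mail through.

Added example, not code from the original post. The records below are
constructed samples for a hypothetical domain; fetch real ones with
  dig +short TXT example.com          (SPF)
  dig +short TXT _dmarc.example.com   (DMARC)
"""
import re
from typing import List, Optional

# Constructed sample records for a hypothetical domain.
WEAK_SPF = "v=spf1 a mx include:_spf.google.com ?all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_SPF = "v=spf1 include:_spf.google.com -all"
GOOD_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@midgardit.co.uk"

# Mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a(?:[:/]|$)|mx(?:[:/]|$)|ptr|exists:|redirect=)")


def audit_spf(record: Optional[str]) -> List[str]:
    """Findings for an SPF TXT record; [] means nothing weak was found."""
    if not record or not record.startswith("v=spf1"):
        return ["no SPF record: anyone can send mail claiming this domain"]
    findings = []
    terms = record.split()[1:]
    all_terms = [t for t in terms if re.fullmatch(r"[+\-~?]?all", t)]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][:-3] or "+"      # a bare 'all' means '+all'
        if qualifier == "+":
            findings.append("'+all' authorises every host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("'?all' is neutral: spoofed mail is not marked as failing")
        elif qualifier == "~":
            findings.append("'~all' is softfail; acceptable only if DMARC enforces a policy")
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10: SPF returns permerror")
    return findings


def audit_dmarc(record: Optional[str]) -> List[str]:
    """Findings for a DMARC TXT record; [] means the policy is enforcing."""
    if not record or not record.startswith("v=DMARC1"):
        return ["no DMARC record: receivers have no policy for mail that fails SPF/DKIM"]
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    findings = []
    policy = tags.get("p", "none").strip()          # p is mandatory; treat a missing one as none
    if policy == "none":
        findings.append("p=none: failing mail is still delivered (monitor mode only)")
    elif int(tags.get("pct", "100")) < 100:
        findings.append(f"pct={tags['pct']}: only part of the failing mail gets the policy")
    if tags.get("sp", "").strip() == "none" and policy != "none":
        findings.append("sp=none: subdomains are left unprotected")
    if "rua" not in tags:
        findings.append("no rua= address: you receive no aggregate reports")
    return findings


def audit(spf: Optional[str], dmarc: Optional[str]) -> dict:
    """Run both audits; exact-domain forgery is only rejected when both come back clean."""
    return {"spf": audit_spf(spf), "dmarc": audit_dmarc(dmarc)}


if __name__ == "__main__":
    print("weak:", audit(WEAK_SPF, WEAK_DMARC))
    print("good:", audit(GOOD_SPF, GOOD_DMARC))
```

Two caveats a practitioner would add: a clean result here protects only your exact domain (a lookalike domain the attacker registered will have its own perfectly valid SPF and DMARC), and going straight to `p=reject` without first reading the `rua` aggregate reports for a few weeks tends to bounce legitimate mail from forgotten third-party senders.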

Final Thoughts

Your CEO probably isn’t asking for gift cards. But a guy named Steve might be.

Protect your inbox. Train your team. And if an email feels off, it probably is.


FAQs

Q: Can I stop spoofed emails completely?
A: You can dramatically reduce them. With the right security, filters, and training, most won’t even reach the inbox.

Q: How do I know if our domain is vulnerable?
A: We can run a quick DMARC and SPF check to see how your email is secured.

Q: Can you help us run a phishing test?
A: Absolutely. We can simulate CEO phishing and report how your team reacts.

Q: Should I reply to check if it’s really them?
A: No. Call or message them directly instead, using contact details you already have. A reply goes straight back to the attacker (the Reply-To address is theirs), and it confirms your address is live.

Q: What if someone already fell for it?
A: Don’t panic. Call us immediately! We’ll help limit the damage and investigate fast.
