How a Fake Email Thread Almost Cost a CEO $43,000 — and How to Stop It From Happening to You

A few weeks back, I spoke with a CEO who came dangerously close to wiring $43,000 to a scammer. It all started on an otherwise normal Friday afternoon when his inbox was suddenly flooded with over a thousand junk emails. At first, he thought nothing of it—but thanks to a teammate urging him to pause, the scam was caught just in time.

Not long after, the same scam attempt showed up in AVL’s inbox. We were able to catch it quickly thanks to a few simple internal controls, but it’s worth sharing how this scam works—it’s clever and easy to miss if you’re not prepared.

Here’s how the scam works:

  • Step 1: A fake email thread.
    The scammer sends an email to your AP (Accounts Payable) team that includes what appears to be a long-standing email thread between the CEO and a vendor. It shows back-and-forth about services, pricing, and approval. It’s all fabricated—but convincing.
  • Step 2: An “overdue” invoice.
    The email says payment is overdue, and an address carrying the CEO's name is cc'd to add pressure. That address is fake too, so a reply to the thread never reaches the real CEO. The AP team, seeing what looks like a previously approved expense, may rush to pay.
  • Step 3: Spam flood.
    If anyone replies to the thread or contacts the CEO, the scammers immediately send thousands of spam emails to the CEO's real inbox, hoping to bury any warnings or genuine responses in the noise.
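
Each of the three steps leaves a signal that can be checked before anyone pays. As an added illustration (this is example code, not AVL's tooling and not part of the original post), the Python script below triages an invoice email for those signals: a display name that matches an executive but sits on a non-company address (the fake cc), a quoted "thread" that arrived as a brand-new message with no References or In-Reply-To headers (the pasted-in history), urgency wording, and a sudden flood of mail to the impersonated executive's real inbox. The company domain example.com, the executive list, the mail-log format, the thresholds and all sample messages and log lines are constructed assumptions.

```python
"""Triage heuristics for the fake-thread / overdue-invoice / spam-flood scam.
Added example; domain, executive list, thresholds and samples are constructed."""
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import getaddresses

EXECUTIVES = {"jane ceo": "jane@example.com"}   # assumption: display name -> real mailbox
URGENCY_TERMS = ("overdue", "past due", "urgent", "immediately", "final notice")


def _norm(name):
    return " ".join(name.lower().split())


def executive_impersonation(msg):
    """(header, display name, address) triples where the display name matches an
    executive but the mailbox is not that executive's real one (the fake cc)."""
    hits = []
    for hdr in ("From", "Cc", "Reply-To"):
        for name, addr in getaddresses(msg.get_all(hdr, [])):
            if _norm(name) in EXECUTIVES and addr.lower() != EXECUTIVES[_norm(name)]:
                hits.append((hdr, name, addr))
    return hits


def quotes_prior_thread(body):
    """True if the body carries quoted correspondence ('>' lines or 'wrote:')."""
    return any(ln.startswith(">") or ln.rstrip().endswith("wrote:") for ln in body.splitlines())


def flood_recipients(log_lines, window=timedelta(minutes=10), threshold=100):
    """Recipients that received more than `threshold` messages inside any `window`.
    Assumed log format: '<iso-timestamp> to=<rcpt> from=<sender>' (constructed)."""
    per_rcpt = {}
    for line in log_lines:
        ts_text, *kv = line.split()
        fields = dict(f.split("=", 1) for f in kv)
        per_rcpt.setdefault(fields["to"], []).append(datetime.fromisoformat(ts_text))
    flooded = set()
    for rcpt, times in per_rcpt.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):           # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooded.add(rcpt)
                break
    return flooded


def assess(raw_message, flooded=frozenset()):
    """Findings for one message; anything non-empty means hold the payment and
    confirm out of band rather than paying from the email."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []
    for hdr, name, addr in executive_impersonation(msg):
        findings.append(f"{hdr}: display name '{name}' on non-executive address {addr}")
        if EXECUTIVES[_norm(name)] in flooded:
            findings.append(f"real mailbox of '{name}' is under a spam flood; warnings may be buried")
    if quotes_prior_thread(body) and not (msg["References"] or msg["In-Reply-To"]):
        findings.append("quoted thread arrived as a brand-new message (no References/In-Reply-To)")
    urgency = [t for t in URGENCY_TERMS if t in f"{msg['Subject']} {body}".lower()]
    if urgency:
        findings.append("urgency language: " + ", ".join(urgency))
    return findings


# Constructed sample: the scam message (steps 1 and 2). Nothing here is real.
SCAM_MAIL = """\
From: "Acme Billing" <billing@acme-invoices.example>
To: ap@example.com
Cc: "Jane CEO" <jane.ceo@exec-mailbox.example>
Subject: OVERDUE: Invoice 4471 (approved by Jane)

Hi AP team, this invoice is now overdue. Jane approved the scope and pricing last month.

> On Tue, Apr 2, Jane CEO <jane@example.com> wrote:
> Approved, please proceed at the quoted price.
"""

# Constructed sample: a genuine vendor reply inside a real thread.
LEGIT_MAIL = """\
From: "Globex AR" <ar@globex.example>
To: ap@example.com
Subject: Re: Invoice 4470
In-Reply-To: <req-4470@example.com>
References: <req-4470@example.com>

Thanks, the invoice for the agreed scope is attached.

> On Mon, Apr 1, AP Team <ap@example.com> wrote:
> Please send the invoice for last month's work.
"""

# Constructed mail log: 300 junk messages hit the CEO within 10 minutes (step 3),
# while AP receives three ordinary messages.
_T0 = datetime(2024, 5, 17, 14, 0, 0)
FLOOD_LOG = [f"{(_T0 + timedelta(seconds=2 * i)).isoformat()} to=jane@example.com "
             f"from=junk{i}@bulk{i % 7}.example" for i in range(300)]
FLOOD_LOG += [f"{(_T0 + timedelta(minutes=i)).isoformat()} to=ap@example.com "
              f"from=ar@globex.example" for i in range(3)]

if __name__ == "__main__":
    flooded = flood_recipients(FLOOD_LOG)
    for label, mail in (("scam", SCAM_MAIL), ("legit", LEGIT_MAIL)):
        print(label, assess(mail, flooded) or ["no findings"])
```

Run as a script, it reports four findings for the constructed scam message and none for the genuine reply. None of these checks is proof on its own (real vendors do send overdue notices, and real threads sometimes lose their References header when forwarded), which is why the output is a hold-and-verify decision rather than an automatic block.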

Simple controls that make a difference:

  • Verbal confirmation.
    At AVL, we require live, verbal approval for any urgent wire. A quick phone call cuts through the confusion; make that call to a number already on file, never to one taken from the email itself.
  • Wire transfer limits.
    Limit who can send what. If your AP team is capped at, say, $5,000 per wire, one mistaken payment cannot become a $43,000 loss.
  • Strong internal communication.
    When teams are aligned and in sync, it’s easier to spot unusual requests before they turn into mistakes.

These scams are built around urgency and noise—two things most growing businesses are already dealing with. A few calm, thoughtful controls go a long way.