This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice ( for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

Executive Impersonation: A Growing Threat

  • US_AICPA Image

Sep 23, 2016

In September 2016, the American Institute of CPAs (AICPA) issued a new report on the growing threat of executive impersonation, in which criminals claiming to be corporate executives convince employees to send them sensitive documents and company information.

The disclosure of data breaches continues to worry consumers and corporations every day. Now, a new and growing cyberattack risk exists that has gone largely unreported: business email compromise (BEC).

The scheme is executive impersonation, accomplished by the criminal creating a fake email that closely resembles the company’s own email and appearing to come from a high-ranking executive. The recipient is an unsuspecting mid- or lower-level employee selected for his or her access and authority to transfer large sums of money between subsidiaries or to suppliers on behalf of the company.

The AICPA has been making more of an effort to raise CPAs’ awareness of cybersecurity issues. The Institute’s Assurance Services Executive Committee released for comment two proposed sets of criteria on cybersecurity risk management and trust services.

Review the report on the AICPA's website.

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.