Summary

The so-called CEO fraud remains one of the most common fraud methods in Switzerland and increased by 35% in 2025 compared to 2024 (719 to 971 cases). Cybercriminals deliberately use psychological manipulation, fake emails, artificial intelligence, and even deepfake audio calls to deceive finance departments. The BACS continuously documents new variants and recommends technical and organizational protective measures, particularly the four-eyes principle and verification through multiple channels.

People

  • Affected: Employees in finance departments of SMEs, associations, and municipalities

Topics

  • Cybercrime and fraud methods
  • Artificial intelligence abuse
  • Corporate security
  • Prevention and risk management

Detailed Summary

Background and Developments

CEO fraud is one of the most frequently reported fraud methods at BACS (the reporting office for fraud offenses). The case numbers are alarming: From 2024 to 2025, the number of reports increased by 252 cases (from 719 to 971), an increase of approximately 35%. Perpetrators are continuously refining their methods and no longer rely solely on simple email phishing, but instead combine multiple psychological and technical manipulation tactics.

Methodology: Targeted Preparation

Unlike mass phishing attacks, fraudsters in CEO fraud cases prepare systematically:

  • Research in public sources: They analyze LinkedIn profiles, company websites, and commercial register entries
  • Target identification: Companies that publish employee data and organizational structures online are particularly at risk
  • Hierarchy mapping: Fraudsters identify who in accounting has account access and who has signing authority

Classic Attack Scenario

The typical approach follows an established pattern:

  1. Fake sender address: Email appears to come from the CEO; often with minimal spelling errors in the domain (so-called "typosquatting")
  2. Psychological pressure: Constructed scenarios with time constraints
    • Urgent payment to foreign suppliers
    • Immediate purchase of gift cards or vouchers
  3. Manipulative wording: "I rely on your discretion," "Execute immediately" – designed to bypass questions and security procedures

New and Concerning Variants

Artificial Intelligence (AI):

  • AI tools imitate the writing style of the actual supervisor (greetings, phrases)
  • Deepfake audio calls: Deceptively authentic voice imitations of the boss
  • Voice messages via WhatsApp or telephone
  • Manipulated video conferences (still in testing phase)

Particularly alarming: A case in Canton Schwyz resulted in damage in the millions.

Law firm abuse:

  • Perpetrators use names of real law firms based in Switzerland
  • Scenario: "Has attorney XY contacted you?" – credibility through third parties
  • Under the guise of confidentiality, an international transfer is demanded

Key Messages

  • Rising case numbers: +35% increase to 971 reported cases in 2025
  • Multi-channel attacks: CEO fraud occurs not only via email, but also through WhatsApp, telephone, and deepfakes
  • AI as a game-changer: Voice messages and writing style imitation are becoming increasingly professional
  • Targeted preparation: Fraudsters systematically research company structures
  • Psychological component: Authority + time pressure = higher success rate
  • Vulnerable group: Finance departments and accounting are primary targets

Stakeholders & Affected Parties

Affected PartiesImpact
SMEs and mid-market companiesFinancial losses in the 6 to 7-figure range possible
Finance departmentsIncreased stress risk and liability issues
ManagementReputation and trust endangered
Municipalities and associationsPublic funds at risk
Overall economyCumulative damage through organized gangs

Beneficiaries: Organized cybercriminals (some operating internationally)

Opportunities & Risks

OpportunitiesRisks
Awareness through BACS campaignsFurther increase in case numbers due to AI tools
Four-eyes principle reduces success rateDeepfakes become difficult to distinguish
Technical markings (EXTERNAL) helpInsider involvement possible
Strengthen organizational culture of skepticismLoss of trust in internal communication
Training and education effectiveTime pressure overwhelms controls

Action Relevance for Decision-Makers

Immediate measures:

  1. Four-eyes principle for all payments and master data changes
  2. EXTERNAL marking configuration in email server
  3. Verification through second channel: For urgent payments, call CEO back at known number
  4. Do not bypass security processes – even with chief instructions

Strategic monitoring:

  • Establish internal reporting office for suspicious inquiries
  • Conduct regular training for critical roles
  • Monitor LinkedIn and public organizational data
  • Exchange with BACS and industry networks

Quality Assurance & Fact-Checking

  • [x] Central statements and figures verified
  • [x] Source reference to official BACS publication available
  • [x] Case example (Canton Schwyz) documented
  • [ ] Web research for current AI developments conducted (recommended)
  • [x] No bias detected – factual and warning-focused

Supplementary Research

  1. BACS Official Statistics – Current case numbers and trends: https://www.ncsc.admin.ch/ncsc/de/home/aktuell/im-fokus/2026/wochenrueckblick_4.html

  2. SWI Report on Deepfake Fraud – Case study Canton Schwyz (million-franc damage)

  3. Cybersecurity Report 2025 – Trend analysis of AI-assisted fraud methods

Sources

Primary source:
Weekly Review Week 4 (27.01.2026) – National Fraud Reporting Office (BACS)
https://www.ncsc.admin.ch/ncsc/de/home/aktuell/im-fokus/2026/wochenrueckblick_4.html

Supplementary sources:

  1. BACS Overall Statistics 2025 (internal)
  2. Case example Canton Schwyz – Deepfake audio fraud (million-franc damage)
  3. AI Abuse in Cybercrime – Trend Report

Verification status: ✓ Facts verified on 27.01.2026

This text was created with the support of Claude.
Editorial responsibility: clarus.news | Fact-checking: 27.01.2026