Executive Impersonation

Common scenario

An office manager receives a short message that appears to come from the owner during a busy afternoon. It says a payment is needed for a confidential project and asks the office manager not to call because the owner is supposedly in a meeting.

Warning signs

• The message asks for urgency, secrecy, or a change from normal approval steps.
• The request arrives by a channel the person does not usually use for approvals.
• The sender says they cannot talk but insists action must happen now.
• The request involves payment, gift cards, payroll changes, login access, or sensitive information.
• The wording feels slightly unlike the real person, even if the name, photo, voice, or video seems familiar.
• The message discourages checking with anyone else.
• A voice or video message is used to create pressure instead of following the normal process.
• The request comes near closing time, a holiday, travel, or a known busy period.

Questions to ask

• Would this person normally make this kind of request this way?
• Does the request ask me to skip a known business process?
• Is secrecy being used to prevent normal review?
• Can I verify through a known channel without using contact details in the message?
• Does this involve money, access, payroll, or private information?
• Who else is approved to review this if the person appears unavailable?

Verification workflow

• Pause the task and avoid responding with business details.
• Check the request against the normal approval process for payment, access, or information sharing.
• Contact the person through a known channel already used by the business.
• If the person is unavailable, route the request to the approved backup reviewer.
• Require a second internal approval for payment, access, or sensitive changes.
• Record that the request was verified, denied, or held for later review.
• Continue only through the normal business process after review.

Example internal policy

• Owners and managers will not ask staff to bypass payment, access, or payroll approval steps.
• Secret or urgent requests still require verification through a known channel.
• Voice, video, text, or email alone is not enough for unusual payment or access requests.
• Staff are encouraged to pause and verify without fear of blame.
• Every high-risk request needs a backup reviewer when the requester cannot be reached.

What not to do

• Do not buy gift cards, send funds, change payroll, or share access based on an urgent message alone.
• Do not use phone numbers, meeting links, or reply addresses supplied only by the suspicious message.
• Do not keep the request secret just because the message says to.
• Do not assume a familiar name, photo, voice, or video proves the request is real.
• Do not argue with or accuse the sender.
• Do not share one-time codes, passwords, login links, or internal documents.

If something already happened

• Pause related payments, access changes, purchases, or information sharing while the situation is reviewed.
• Notify the real owner, manager, or approved backup reviewer through a known channel.
• Preserve the message, channel, timing, and action taken in internal notes.
• Tell affected internal roles so they do not continue the same request.
• Review whether normal approval steps were unclear, missing, or too easy to bypass.
• Update staff training with a non-shaming example based on the pattern.