
CEO fraud and invoice fraud: how one email costs your SME half its revenue

BEC fraud (Business Email Compromise) costs Dutch companies tens of millions a year. Here's how to build a four-eyes principle that stops it.

Stats and sources
Updated: May 2026

What the numbers show

No guesses. Only published data from Fraudehelpdesk (the Dutch fraud helpline), CBS (Statistics Netherlands), AFM, SIDN and Dutch investigative journalism.

Estimated CEO-fraud losses in the Netherlands: tens of millions of euros a year (historically, €64 million was reported in a single year).
78% of Dutch and Belgian companies were hit by some form of fraud in 2024-2025.
Source: Accountant
External fraud: 44% of organisations report >€100,000 in losses in 2025.
Reporting rates are low for fear of reputational damage.
Modus operandi

How does this scam actually work in practice?

Step by step: this is how scammers build the scenario. The faster you spot the pattern, the sooner you can hang up or click away.

  1. The scammer compromises a supplier's mailbox (via phishing) or spoofs the CEO's/CFO's email address.
  2. An existing invoice is intercepted; a new version is sent with a changed IBAN ("our account number has changed because of a merger/SEPA update").
  3. CEO variant: a fake email or WhatsApp from the director to the controller: "I'm in a meeting, please arrange this transfer urgently, confidential."
  4. Amounts are typically between €5,000 and €200,000; sometimes in tranches to bypass limits.
  5. Follow-up emails from a look-alike domain (mijnbedrijf.com → mijnbedrijf-nl.com).
  6. Increasing use of AI/deepfake voice for the "confirmation call".
Red flags

How do you spot this scam before it's too late?

One red flag is usually enough. Two and you know for sure something is off. Stop, hang up, click away, call the real organization via a number you look up yourself.

A request for an urgent transfer with confidentiality.
The email comes from a not-quite-correct domain (an extra letter, a different TLD).
A change of IBAN in an ongoing invoice.
The CEO emails outside office hours or from an unknown email address.
Pressure: "sort this within 30 minutes or I'll miss the deal".
No prior thread, no internal signature.
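
The domain, IBAN and pressure red flags above can be run as an automated pre-check on an incoming payment request. This is an added example, not code from this site: the vendor table, function names and flag labels are hypothetical, the sample values are constructed, and a flag means "verify by phone before paying", not "block".

```python
import re

# Constructed vendor master data (assumption): trusted sender domain -> IBAN on file.
VENDORS = {"mijnbedrijf.com": "NL91ABNA0417164300"}
PRESSURE = re.compile(r"\b(urgent(ly)?|confidential|within \d+ minutes)\b", re.I)

def iban_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: rotate first 4 chars to the end, map A-Z to 10-35."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        return False
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def edit_distance(a: str, b: str) -> int:  # Levenshtein, single rolling row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain: str):
    """Trusted domain that `domain` imitates (added word, other TLD, 1-2 typos), or None."""
    if domain in VENDORS:
        return None
    label = domain.rsplit(".", 1)[0]  # simplification: treats the last label as the TLD
    for known in VENDORS:
        known_label = known.rsplit(".", 1)[0]
        if known_label in label or edit_distance(label, known_label) <= 2:
            return known
    return None

def red_flags(sender: str, body: str, iban: str) -> list:
    domain = sender.rsplit("@", 1)[-1].lower()
    iban = re.sub(r"\s+", "", iban).upper()
    imitated = lookalike_of(domain)
    flags = []
    if imitated:
        flags.append(f"lookalike-domain:{imitated}")
    elif domain not in VENDORS:
        flags.append("unknown-sender-domain")
    on_file = VENDORS.get(imitated or domain)
    if not iban_valid(iban):
        flags.append("invalid-iban")
    elif on_file and iban != on_file:
        flags.append("iban-changed")
    if PRESSURE.search(body):
        flags.append("pressure-or-secrecy")
    return flags
```

A request sent from the supplier's real but compromised mailbox passes the domain check, so the comparison against the IBAN on file is the control that still fires in that case.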
What to do

What to do if you've been targeted

In this order. Time is money — literally. The faster you call, the bigger the chance the bank can still reverse a transaction.

  1. Verify every IBAN change by phone using the supplier's known number (not the number in the email).
  2. Apply a four-eyes principle for all transfers above €1,000.
  3. For suspect CEO emails: always call them back personally on their direct number.
  4. Already paid? Call your bank immediately and request a SEPA Recall; report it as BEC fraud.
  5. File a report via politie.nl/cybercrime and report to the Fraudehelpdesk.
  6. Engage forensic investigation (possibly via your insurer) and monitor your suppliers' mailboxes.
Common questions

Common questions about this scam

What is CEO fraud and invoice fraud?
The scammer compromises a supplier's mailbox (via phishing) or spoofs the CEO's/CFO's email address. An existing invoice is intercepted; a new version is sent with a changed IBAN ("our account number has changed because of a merger/SEPA update").
CEO fraud email director payment?
A request for an urgent transfer with confidentiality. Verify every IBAN change by phone using the supplier's known number (not the number in the email).
Supplier invoice different account number fraud?
The email comes from a not-quite-correct domain (an extra letter, a different TLD). Apply a four-eyes principle for all transfers above €1,000.
Urgent transfer request from director fake?
A change of IBAN in an ongoing invoice. For suspect CEO emails: always call them back personally on their direct number.
What should I do if I've been a victim?
Verify every IBAN change by phone using the supplier's known number (not the number in the email). Apply a four-eyes principle for all transfers above €1,000. For suspect CEO emails: always call them back personally on their direct number.
Will I get my money back?
Whether you get your money back depends on the type of scam, how quickly you called your bank and whether you handed over credentials yourself. Dutch banks operate a goodwill scheme but in practice rarely pay out 100%. Always file a police report immediately and report to the Fraudehelpdesk — this strengthens your case.