Executive Impersonation Email Checklist.
How to handle urgent emails that appear to come from an owner, executive, or manager asking for a payment or gift-card purchase. Use this as a practical pre-payment checkpoint, then turn the process into a reusable workflow with the BEC Defense Pack.
Run these steps before approval.
Make the decision visible and documented before payment leaves the business.
- Pause urgent requests
- Confirm by voice or existing channel
- Never buy gift cards from email-only approval
- Preserve the message
- Report repeat attempts
Escalate immediately if any of these are true.
- Money has already moved to a new or suspicious account.
- A mailbox has unknown forwarding rules, filters, OAuth grants, or unusual logins.
- The request touches client funds, regulated data, payroll, trust accounts, taxes, or legal deadlines.
- Two internal approvers disagree or cannot verify the requester off-thread.