Executive impersonation defense

Your CFO got a text from ‘the CEO.’ It cost $400,000.

Business email compromise (BEC) has moved to SMS and voice. Attackers impersonate your executives on the phone your finance team trusts most. FBI IC3 reports $2.9 billion in BEC losses annually, and messaging-channel lures are the fastest-growing slice. Your secure email gateway (SEG) never sees them. SmishAlert does.

Built for the CFO and CISO who co-sponsor the wire. Separate from our 30-day workforce exposure pilot.

The threat in 60 seconds

Three ways the wire leaves the building

The smishing CEO wire request

A CFO receives a text from a number claiming to be the CEO: urgent wire to a new vendor account before the board call. The number is not on the executive roster.

$487,000 wired before the real CEO was reachable

FBI IC3 BEC complaint pattern, 2024

The meeting gift card ask

An executive assistant gets: "In a client dinner, can't talk. Buy $1,200 in gift cards and text me the codes." Sender ID matches the exec's name but not their known mobile.

$12,400 in unredeemable codes in under 20 minutes

Anonymized SmishAlert customer incident, 2025

AI voice plus SMS follow-up

Finance hears a cloned voice on a brief call, then a text with wire instructions and a PDF "authorization." The voice and text align on urgency and amount.

$1.2M attempted transfer; stopped at bank callback

CISA BEC advisory, deepfake voice + messaging, 2024

Three layers of impersonation defense

What SmishAlert does differently

Layer 1

Directory-aware detection

Cross-reference inbound sender against your roster. If the message claims to be your CEO but does not come from your CEO's known number, we flag it before your CFO acts on it.

Layer 2

BEC pattern detection

Urgency, financial ask, and executive impersonation framing scored together. The pattern, not just the keyword.

Layer 3

Real-time SOC notification

Confirmed exec impersonation lands in your SIEM in seconds via Splunk HEC or signed webhook. Documented, queryable, runbook-ready.
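A sketch of how Layers 1 and 2 can combine, added here as an illustration and not SmishAlert's own code: the roster check decides whether a message is impersonation at all, and urgency and financial-ask signals raise the score. The roster entries, phone numbers, regexes, weights and the 0.75 threshold are all constructed assumptions.

```python
import re

# Constructed roster (hypothetical names and numbers): executive -> known mobiles.
ROSTER = {
    "Dana Reyes": {"title": "CEO", "numbers": {"+12025550101"}},
    "Sam Okafor": {"title": "CFO", "numbers": {"+12025550102"}},
}

# Assumed phrase lists; a production system would tune these per customer.
URGENCY = re.compile(r"\b(urgent|asap|right away|immediately|before the|can't talk)\b", re.I)
FINANCIAL = re.compile(r"\b(wire|transfer|gift cards?|invoice|payment|codes)\b|\$\d", re.I)

def normalize(number: str) -> str:
    """Reduce a US-style number to +1XXXXXXXXXX so formatting cannot hide a match."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 10:
        digits = "1" + digits
    return "+" + digits

def claimed_executive(sender_name: str, body: str):
    """Return the roster name the message claims to be, by display name or title."""
    text = f"{sender_name} {body}".lower()
    for name, entry in ROSTER.items():
        title = re.escape(entry["title"].lower())
        if name.lower() in text or re.search(rf"\b(this is|from) (the |your )?{title}\b", text):
            return name
    return None

def score(sender_number: str, sender_name: str, body: str) -> dict:
    """Score the three signals together; never flag a sender that is on the roster."""
    exec_name = claimed_executive(sender_name, body)
    known = exec_name is not None and normalize(sender_number) in ROSTER[exec_name]["numbers"]
    signals = {
        "impersonation": exec_name is not None and not known,
        "urgency": bool(URGENCY.search(body)),
        "financial_ask": bool(FINANCIAL.search(body)),
    }
    # Constructed weights: the roster mismatch dominates, the rest add confidence.
    total = (0.5 * signals["impersonation"] + 0.25 * signals["urgency"]
             + 0.25 * signals["financial_ask"])
    return {"claimed": exec_name, "signals": signals, "score": total,
            "flag": signals["impersonation"] and total >= 0.75}
```

The same gift-card text sent from the executive's rostered number scores 0.5 and is not flagged, which is the point of scoring the pattern against the directory and not the keywords alone.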

Scenario reconstruction: A regional bank's controller received a text from ‘the CFO’ during an earnings quiet period. The sender was not on the executive roster. SmishAlert flagged the message before payroll initiated the transfer. The real CFO was on a flight with no cell service.

Illustrative incident pattern · not attributed to a named institution

CFO
$2.9B+

Annual BEC losses reported to FBI IC3, with messaging-channel lures growing fastest year over year.

CISO
0%

Of executive impersonation SMS your SEG will ever see. The attack surface is the phone in your CFO's pocket.

Insurance
Premium

Underwriters increasingly ask for documented messaging-channel controls. A queryable incident record supports renewal and discount conversations.

Pricing posture

Per-executive coverage, scoped on the readout call

Pricing reflects per-executive coverage starting at the C-suite, scoped on the readout call. We do not publish list rates because every engagement starts with your executive roster and finance-team exposure.

See pricing on the readout call.

FAQ

Executive impersonation questions

How does SmishAlert work with our executive directory?

You provide a roster of executive names and known mobile numbers (or we sync from your HRIS on Enterprise). Inbound messages claiming to be an executive are checked against that roster before your finance team sees them.

Does deployment require our HRIS?

No. Many customers start with a CSV of C-suite and finance leaders. HRIS sync is available on Enterprise for larger executive populations.

What about BYOD executives?

Executive impersonation defense runs on the device where the message lands. BYOD executives install the SmishAlert app like any enrolled user; directory-aware detection still applies to inbound impersonation attempts.

What is the false-positive rate?

We tune per customer against your roster and finance-team reporting patterns. Pilot readouts include false-positive counts so you can set thresholds before production rollout.

How does it integrate with our SIEM?

Confirmed impersonation events route via Splunk HEC or a signed HTTPS webhook in seconds. Payloads include executive identity claimed, sender details, confidence score, and employee reporter context.

Do you provide an executive briefing?

Yes. Every engagement includes a CFO- and CISO-facing briefing on what we saw, how your controls performed, and recommended runbook updates.

Is captured incident data privileged?

Incident records are stored under your tenant with configurable retention. Many customers treat exports as work product for counsel; we provide evidence packs formatted for insurer and legal review.

What is the response time on confirmed incidents?

SOC notifications fire in seconds on confirmed impersonation. Human analyst escalation and customer notification SLAs are scoped on your readout call based on coverage tier.

Executive exposure snapshot

Get an executive exposure snapshot in 4 business hours

Talk to the team about directory-aware impersonation coverage for your C-suite and finance leaders.