Business email compromise (BEC) attacks have grown more deceptive and frequent. Often, they involve attackers impersonating executives or vendors to pressure staff into bypassing standard procedures for urgent payments.
The tactics are subtle but effective: a vendor payment that “can’t wait,” a time-sensitive transfer “authorised” by the CFO, or a confidential project requiring “immediate” funds. These requests appear legitimate until you realise the email account was spoofed or compromised.
That’s why empowering employees to challenge unusual requests is essential. But confidence alone isn’t a safeguard: staff need practical tools they can rely on in the moment.
Pre-approved scripts help shift responsibility from the individual to the policy
Responding to a suspicious request from an executive can be daunting. People naturally hesitate to question authority, especially under time pressure. These ready-to-go scripts help employees respond professionally and confidently, without feeling like they’re stepping out of line.
Each template does three things:
- Reinforces the primacy of internal controls
- Signals adherence to company policy
- Buys time for proper verification without ignoring genuine requests for assistance
Used correctly, they turn a high-pressure moment into a routine check, something (actual) executives will respect.
Option 1: Policy-based pushback
Subject: Re: Urgent Payment Request
Hi <Name>,
To protect the business and comply with our internal financial controls, I’m required to follow our standard approval and verification procedures for all payment requests, especially urgent ones.
Before I can proceed, I’ll need the usual documentation and confirmation through our authorised channels. Once those steps are completed, I can prioritise the payment immediately.
Thanks for your understanding.
Option 2: Verification-focused pushback
Subject: Re: Immediate Transfer Needed
Hi <Name>,
Because this request is outside our normal process and marked as urgent, I need to complete additional identity and authorisation steps before taking action. As part of our anti-fraud procedures, this is mandatory for all high-risk or expedited payments.
I’ll process the payment as soon as verification is complete.
Thank you.
Option 3: Escalation requirement
Subject: Re: Time-Sensitive Payment
Hi <Name>,
Given the urgency and the deviation from our standard workflow, our policy requires that I loop in <Finance Leader/Direct Manager> for confirmation before initiating any payment. This safeguard applies to all teams, including executive requests.
Once we receive the confirmation through the standard approval path, I’ll be able to action it right away.
Appreciate your patience!
Option 4: Verification system
Subject: Re: Urgent Payment Request
Hi <Name>,
Our system won’t allow me to process or release any payment without the required supporting documents and approvals logged internally. I’ll need those added to the system before I can proceed.
Let me know once they’re submitted and I’ll pick it up.
Option 5: Eftsure verification response
Subject: Re: Urgent Payment Request
Hi <Name>,
Because this request is urgent and outside our usual process, I need to complete our mandatory Eftsure verification steps before actioning any payment. This includes confirming payment details through the authorised Eftsure workflow.
Once the request appears in Eftsure with the proper approvals, I’ll be able to process it immediately. These safeguards apply to all payments, including executive requests, to ensure we protect the organisation from impersonation and fraud attempts.
Happy to proceed as soon as the verification is complete.
What else can you do to defend against impersonation of execs and vendors?
Check out our deepfake assessment and guide to understand AI tactics for mimicking trusted contacts like senior leaders and vendors.