12 October 2022
Scammers are becoming increasingly sophisticated in their methods, and one of the latest scams involves impersonating company bosses in order to obtain sensitive information or money. These scammers typically contact employees via email or phone, requesting gift cards or other valuable items, or asking them to pass on company secrets, reveal passcodes, or even leak documents and personal data for identity fraud.
While scammers have always posed a threat to businesses, the emergence of boss scams highlights just how sophisticated and persistent they can be. These scammers are often remarkably convincing in their attempts to impersonate company bosses, using fake emails or phone numbers and even creating fraudulent websites that look authentic.
If you suspect that you may be the target of a boss scam, it is important to be vigilant and take steps to protect yourself and your company. Do not respond or provide any personal or financial information without verifying that the request is legitimate, and report any suspicious activity immediately. Ultimately, the best defence against scammers of all types is awareness and vigilance - so stay informed, stay alert, and stay safe.
And what can businesses do to protect themselves against scammers impersonating the boss? In this article, we'll take a closer look at boss scams and the techniques scammers use to gain workers' trust.
Typically, scammers will first contact employees via email or phone, presenting themselves as the company boss or other senior executive.
An example e-mail from a scammer pretending to be a boss or director may look like this:
"Dear employee,
I am writing to you today regarding a matter of great urgency. In accordance with company policy, I need you to purchase gift cards for our client outreach program. These gift cards would be used as part of our efforts to strengthen ties with existing and potential clients.
Please let me know as soon as possible if you are able to assist with this request. I look forward to hearing from you soon.
Sincerely,
Your boss/director"
This type of scam can be very convincing, as scammers often go to great lengths to imitate the style and tone of genuine company communications. In CEO fraud, the CEO, finance director and other top executives are typically the masks fraudsters wear to fool employees.
They may also include links or attachments that contain viruses or other malicious software, in an attempt to gain access to sensitive information or install ransomware on company computers.
To protect themselves against scammers posing as bosses or senior executives, businesses should ensure that employees are educated about the common tactics and warning signs of scammers. This may include implementing additional security measures such as two-factor authentication for email and other sensitive accounts, and monitoring for unusual activity or suspicious email addresses. Additionally, it is important to maintain regular communication with clients and partners as a way to reduce the risk of scammers impersonating your company's representatives.
Many fraudulent emails come from a mailbox that looks like the legitimate domain of a business organisation, with an extra domain added; for example, [email protected]
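A check a mail administrator could run over sender headers to catch the lookalike addresses described above, as an added example that is not part of the original article. The organisation domain, executive names, flag names and sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample values (assumptions, not from the article).
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane smith", "raj patel"}
BRAND = ORG_DOMAIN.split(".")[0]  # "example"


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header value."""
    _, addr = parseaddr(header_value or "")
    _, at, dom = addr.rpartition("@")
    return dom.lower().rstrip(".") if at else ""


def is_internal(domain):
    """True only for the organisation's domain or a genuine subdomain of it."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def sender_flags(from_header, reply_to=None):
    """Return sorted warning flags for one message's sender headers."""
    flags = set()
    display, _ = parseaddr(from_header)
    domain = domain_of(from_header)
    if not domain:
        return ["unparseable-sender"]
    if not is_internal(domain):
        # Real domain or brand name embedded in a different domain,
        # e.g. example.com.mail-secure.test or example-payments.test
        if BRAND in domain:
            flags.add("lookalike-domain")
        # A director's name on an address outside the organisation
        if " ".join(display.lower().split()) in EXECUTIVES:
            flags.add("executive-name-external-address")
    # Replies would go somewhere other than the apparent sender
    if reply_to and domain_of(reply_to) != domain:
        flags.add("reply-to-differs")
    return sorted(flags)


# Constructed sample headers: (From, Reply-To)
SAMPLES = [
    ('"Jane Smith" <jane.smith@example.com>', None),
    ('"Jane Smith" <jane.smith@example.com.mail-secure.test>', None),
    ('Jane Smith <director.office@freemail.test>', None),
    ('"Raj Patel" <raj.patel@example.com>', "raj.patel@example-co.test"),
]
```

Flags from a check like this are prompts for verification through a known contact channel, not proof of fraud; a message sent from a director's compromised mailbox would pass it.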
The purpose of scammers sending fraudulent emails is typically to trick people into giving out sensitive information or money. These scammers often impersonate bosses, asking employees to perform tasks such as purchasing gift cards or sharing company secrets. Other scammers may attempt to install malware on company computers by posing as senior executives and sending
Phishing emails and other malicious communications are becoming increasingly sophisticated, making it difficult to distinguish between legitimate requests and scammers' attempts to gain access to sensitive information.
To protect themselves against scammers posing as bosses or senior executives, businesses should ensure that their employees are aware of the common warning signs of fraudulent emails.
It's also possible that scammers have gained unauthorised access to the actual e-mail of your director. Some scammers may use social engineering alongside email scams to reach their valuable targets. For example, a fraudster may send a scam email to everyone in the company; all it takes is one employee giving away their login details for the scammer to gain access to the company's e-mail accounts.
Scammers will then build a more sophisticated approach for executive whaling and spear phishing to find the contact details of other email accounts. Fraudsters pretend to be senior staff by reading the contents of the victim's e-mail to gain understanding of the current projects.
Another way that a fraudster can obtain a director's details is through Companies House. They may check the records of bank accounts and financial submissions to obtain further details. They can then use this to create director scam emails that are actually sent from a fraudster's account that looks a lot like the real deal. They may even send a fake e-mail to anyone in the company to obtain the e-mail signatures of the business!
In recent years, advances in A.I. technology have made it easier for scammers to trick people over the phone. Using text-to-speech software, they can create a realistic-sounding replica of someone's voice, which they can then use to carry out a conversation.
This can be especially effective if the person being impersonated is someone who the victim knows and trusts. In addition, A.I.-generated voice recordings can be used to make automated phone calls that sound convincing enough to fool many people.
With these tools at their disposal, scammers can easily dupe innocent people out of their hard-earned money. As such, it is important to be aware of these techniques so that you can protect yourself from becoming a victim.
According to recent UK crime figures, online crimes now total 7.6 million cyber security breaches. This is a significant increase from previous years, and it seems that organised crime is investing in more digitally savvy fraudsters who are developing software to manipulate the characteristics of an email. This allows the sender of a phishing email to have an address that looks genuine, making it more difficult for people to spot the fraud. The problem is only going to get worse, as criminals become more sophisticated in their methods. It is therefore essential that everyone remains vigilant when checking their emails, and that businesses have robust systems in place to protect against these types of attacks.
When it comes to email scams, there are a few key things to look out for. One common scam is the "employee pretends" scam, where someone posing as an employee of a company tries to get you to make an unusual payment.
To spot this kind of scam, be on the lookout for unusual payment requests, especially if they come from someone you don't know or haven't worked with before. Another red flag is phishing emails - if an email looks suspicious or contains strange grammar or spelling errors, it's likely a scam.
If you're ever in doubt, don't hesitate to reach out to the company directly (but don't use the contact information in the email!). And of course, never reply to or click on any links in a suspicious email. By being aware of these common scams, you can protect yourself and your business from becoming victims.
As anyone who has ever dealt with email scams knows, they can be quite convincing. The sender will often pose as a legitimate business or individual, and the email will request an immediate payment to be made. The reason given for this request is usually critical, such as the need to secure a major contract. However, the recipient shouldn't be fooled; the goal of these scams is to get the victim to send money quickly, before they have time to verify the request.
Once the funds are received, they are quickly withdrawn by the scammer, often through an untraceable method such as cryptocurrency. So if you receive an unexpected email requesting an instant payment, beware; it could be a scammer trying to take advantage of you.
If you receive an unusual payment request, it's best to contact the company directly or verify that the sender is a legitimate employee. Additionally, be on the lookout for phishing scams - if an email looks suspicious in any way, it's likely a scam and should be ignored. With these tips in mind, you can help protect yourself and your business from scammers trying to take advantage of your company.
Aside from suspicious payment requests, there are a number of other signs that an email may be fraudulent. These can include poor grammar or spelling errors, incoming emails from unknown contacts or addresses, and requests for sensitive information (such as login credentials or personal details). Of course, they always request your swift response and immediate action in their message. But is it always worth the risk?
Cases are being referred to the Financial Ombudsman Service about banks refusing to cover associated wrongful payments, and the costs of these crimes can potentially threaten the longevity of businesses.
There are a number of ways to protect yourself from spoof emails, which need not break the bank. Most measures are common sense and can prevent the crime altogether, or at the very least be off-putting for opportunistic criminals looking for the ‘line of least resistance’.
For example, you can invest in email authentication software that can help to verify the contact details of an email, as well as ensuring that your own website has a valid SSL certificate. You should also be vigilant about opening attachments or clicking on links in emails, even if they appear to be from a trusted source. By taking these simple precautions, you can help to protect your business from digital crime.
To protect against phishing scam emails, businesses should implement a robust staff training program that includes regular education on the latest email scams and security protocols. This should include information on how to recognize suspicious emails, as well as tips for reporting these messages to the relevant authorities.
Other measures may include using strong passwords or two-factor authentication, and updating your systems regularly to ensure that they are protected against the latest security threats. Ultimately, a strong staff training program can be an effective way to protect your business from scammers and avoid falling victim to phishing scams.
Given the growing prevalence of scammers impersonating bosses in order to steal money or personal information, it is critical that businesses take steps to protect themselves against these scams. Some key measures include double-checking payment requests, being vigilant about suspicious emails, and implementing a strong staff training program focused on email security.