The ‘bogus boss’ email scam – beware!

As reported by the BBC (12.01.16) French business’ have been hit by a wave of ‘bogus boss’ email scam over the past few years costing firm’s millions.

But Holker IT are aware that this type of attack is certainly not limited to France as UK business are increasing receiving emails purporting to be from the company ‘boss’ to internal staff authorising money transfers, usually large ones.

So why now and why is the ‘bogus boss’ email on the increase?

One, this is a very simple scam to execute and two, ‘boss’ emails are more likely to bypass a companies spam filters and antivirus security systems. Three, ‘boss’ emails are less likely to be challenged.

We would accept that it’s not difficult to identify a companies boss, their whereabouts and their key accounts staff with just a few minutes browsing. Nor is it difficult to spoof an email header address and footer to make it look like a legit company email. (Remember, your business’s sends these out everyday, cut / paste – our children are taught this in school.)

Your spam and malware security is not picking these emails up because the email doesn’t contain any malware.

And lastly, who questions ‘the boss?’

This type of attack is really a social engineering attack or in old parlance a ‘con’ trick.

But there are things to look out for, which your finance staff should be alert to and you might just save yourself the indignity a large financial loss.

Typical scenario’s of the social engineering attack:

  1. Someone poses as a boss of the company instructing staff to make a bank transfer.
  2. Fraudsters pose as the IT services department of a bank saying they want to make a test transfer.
  3. Fraudsters claim to be a supplier and ask for outstanding invoices to be paid into a new bank account.

Other common features:

  1. The boss is invariably out of the business and unable to verify the transaction.
  2. An attack will occur with a tight deadline designed to place the victim under stress.

So if you spot any of these characteristics or have any sense of unease about what you are about to do, STOP and seek advice from someone who will view the situation objectively, like someone from your IT support team at Holker. (only a phone call away!)