
Scam alert! 'Bogus boss' email costing firms millions


Clever phishing fraud with devastating impact for business

We have been alerted by one of our customers to a malicious scam which has been in constant circulation since 2015. The ‘Bogus Boss’ or ‘CEO fraud’, as it’s being called, is a type of phishing fraud that has the potential to cause widespread damage to businesses. Finance staff, or the company bookkeepers, are cleverly tricked into transferring a large sum of money to an account for a seemingly genuine business venture, on the instruction of the MD or CEO or, similarly, the Head Teacher or Business Manager.

Manipulative tactics by fraudsters

Police report that in 2015 over 5,000 victims sent planned payments to fraudsters.

It is reported that this scam typically begins with a phone call or email from the fraudster directly to a member of the finance team. The staff member is told that they will receive communication from their boss with instructions for processing a very confidential transaction. An email then arrives from an address in the name of the company boss – the ‘bogus boss’! This email confirms the phone call and gives a plausible reason for the money transfer, often referring to a second call from a lawyer or consultant who will give clear instructions on the amount to be transferred and the account number.

Or, it could be a simple email such as:

"Hi (finance team's name/school business manager's name),

can you do me a favour? I'm tied up with meetings at the moment and need an invoice paid/money transferred. Can you send (amount of money) to this bank account before we get cut off please, I'll give you the invoice paperwork when I'm next in.

(Boss's name/Head Teacher's name)."

The process of phone calls and emails happens very quickly in order to prevent any second-guessing as to whether it is genuine. This style is very typical of phishing scams!

Our customer’s experience:

The Financial Director at one of our customer’s offices received an email from someone claiming to be the company owner, written in a way the real company owner would write. There was nothing in the email to arouse suspicion except the fact that the account number was unknown to the company. Luckily, the FD didn’t transfer anything on this occasion! But it is that easy to be swept up in the process and efficiently carry out the transfer!

We advise: be vigilant!

  • Keep a look out for this type of ‘Bogus Boss’ scam!
  • Take extra care with all emails and don’t open any that look dubious – such as from unfamiliar addresses.
  • Most email scams are riddled with spelling mistakes or the email domains are not what you would expect them to be.
  • Some emails are exact replicas of what you would expect to see from the genuine company or your reputable contact.
  • Also, check the bank accounts where money is being transferred: a letter from a supplier with a new bank account following an office move can be perfectly genuine, or it could be a means to divert your money elsewhere.
  • ALWAYS follow up with a phone call or necessary security checks before money is transferred.
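
The checks in the list above (a sender domain that is not what you would expect, a hurried payment request, an unfamiliar bank account) can also be applied to incoming mail automatically, so that a message is flagged before anyone acts on it. The following Python code is an added example, not part of the original article; the mail domain, names, account numbers and keyword lists are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for this example.
ORG_DOMAIN = "school.example"            # the organisation's real mail domain
EXECUTIVES = {"jane smith"}              # names likely to be impersonated
KNOWN_PAYEE_ACCOUNTS = {"12345678"}      # accounts already verified by phone

PAYMENT_RE = re.compile(r"\b(invoice|payment|transfer\w*|bank account)\b", re.I)
URGENCY_RE = re.compile(r"\b(urgent|asap|confidential|tied up|cut off)\b", re.I)
ACCOUNT_RE = re.compile(r"\b\d{8}\b")    # assumed 8-digit account number format

def body_text(msg):
    """Join the text/plain parts of a message (handles multipart mail)."""
    parts = [p.get_payload() for p in msg.walk()
             if p.get_content_type() == "text/plain"]
    return "\n".join(parts)

def bogus_boss_flags(raw_email):
    """Return the 'bogus boss' warning signs found in one raw email."""
    msg = message_from_string(raw_email)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = body_text(msg)
    flags = []
    if display.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        flags.append("executive-name-from-unexpected-domain")
    if PAYMENT_RE.search(body) and URGENCY_RE.search(body):
        flags.append("urgent-payment-request")
    if set(ACCOUNT_RE.findall(body)) - KNOWN_PAYEE_ACCOUNTS:
        flags.append("unknown-bank-account")
    return flags

# Constructed sample modelled on the email quoted in the article.
SCAM_SAMPLE = """From: Jane Smith <jane.smith@schoo1.example>
Subject: Quick favour

Hi Sam, can you do me a favour? I'm tied up with meetings and need an
invoice paid. Can you send 5000 to account 87654321 before we get cut off.
"""
LEGIT_SAMPLE = """From: Jane Smith <jane.smith@school.example>
Subject: Supplier invoice

Please pay the attached invoice to account 12345678 at month end.
"""

if __name__ == "__main__":
    print(bogus_boss_flags(SCAM_SAMPLE))
```

Any flag is a reason to stop and make the follow-up phone call before money moves; a clean result does not replace that call.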

Click to watch the BBC video in which the CEO of Etna Industrie recounts her personal experience of returning from her trip to find hundreds of thousands of dollars transferred from their company bank accounts.

We can help:

If you detect any suspicious malware or similar phishing emails and need advice then do contact our experts. In addition, if you don’t have a managed IT service which ensures your security is robust, you may wish to have a security review to ensure you’re not vulnerable to attacks and that your systems are up-to-date:

Contact our experts on: 01326 379 497 or sales@ncitech.co.uk, or for further details read IT Security.
