{"id":33042,"date":"2024-03-28T13:02:02","date_gmt":"2024-03-28T11:02:02","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=33042"},"modified":"2024-03-28T13:02:02","modified_gmt":"2024-03-28T11:02:02","slug":"how-to-spot-and-prevent-boss-scams","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/how-to-spot-and-prevent-boss-scams\/33042\/","title":{"rendered":"Is it the boss \u2013 or is it a fraudster? Scams disguised as urgent orders from top brass"},"content":{"rendered":"<p>Imagine getting a call or message from your immediate senior \u2014 or maybe even the head honcho of the whole company. They warn you about a nasty situation brewing. It spells fines or some other financial woes for the company, big trouble for your department, and possible dismissal for you personally! Cold sweat trickles down your spine, but there\u2019s still a chance to save the day! You\u2019ll have to hustle and do a few things you don\u2019t usually do, but everything should be alright\u2026<\/p>\n<p>First \u2013 hold your horses and take a few deep breaths. In all likelihood this whole \u201cemergency\u201d is made up and the person on the line is a scammer. But how do you recognize such an attack and protect yourself?\n<\/p>\n<h2>Anatomy of the attack<\/h2>\n<p>\nThese schemes come in dozens of flavors. The supposed problem varies from country to country: scammers may cite the involvement of regulators, police, or major business partners, and then suggest all manner of ways to \u201csolve the problem\u201d with your help. Yet there are a number of key points \u2014 crucial psychological footholds \u2014 without which the attack is next to impossible to carry out. 
These can be used to recognize the attack for what it is.\n<\/p>\n<ol>\n<li>\n<strong>The superior\u2019s authority, or simple trust in someone you know.<\/strong> Most people by now have developed a resistance to odd requests from strangers \u2014 be it a police officer who\u2019s decided to reach out through instant messaging, or a bank employee personally concerned about your wellbeing. This scheme is different: the person approaching the victim appears to be someone you know to some extent \u2014 and a fairly important person at that. Scammers often choose a C-level manager\u2019s profile as bait. First, they have authority; second, chances are the victim knows the person, but not well enough to spot the inevitable differences in speech or writing style. However, there are variations on this scheme where the scammers impersonate a coworker from a relevant department (such as accounting or legal) whom you may not know personally.<\/li>\n<li>\n<strong>Redirection to an external party.<\/strong> In the most primitive cases, the \u201ccoworker\u201d or \u201cmanager\u201d who reaches out to you is also the one who asks you for the money. More often, though, after the initial contact the \u201cboss\u201d suggests you discuss the details with an external contractor who is about to reach out. Depending on the scheme\u2019s specifics, this \u201cdesignated person\u201d may be introduced as a law enforcement or tax officer, bank employee, auditor or similar; in any case, not someone the victim knows. The \u201cboss\u201d will ask you to give the \u201cdesignated person\u201d all the assistance they need, without delay. 
That said, the most elaborate schemes, such as <a href=\"https:\/\/edition.cnn.com\/2024\/02\/04\/asia\/deepfake-cfo-scam-hong-kong-intl-hnk\/index.html\" target=\"_blank\" rel=\"nofollow noopener\">the one with $25 million stolen following a deepfake video conference<\/a>, may have the scammers pose as company employees throughout.<\/li>\n<li>\n<strong>Urgency.<\/strong> The request has to be urgent, so as not to give the victim time to stop and analyze the situation. \u201cThe audit is tomorrow\u201d, \u201cthe partner\u2019s just arrived\u201d, \u201cthe amount gets charged this afternoon\u201d\u2026\u00a0long story short, you have to act right now. Scammers will often conduct this part of the conversation by phone, telling the victim not to hang up until the money is transferred.<\/li>\n<li>\n<strong>Absolute secrecy.<\/strong> To prevent anyone from interfering with the fraud, the \u201cboss\u201d warns the victim early on that discussing the incident with anyone is strictly forbidden, as disclosure would lead to disastrous consequences. The fraudster might say that they have no one else to trust, or that some of the other employees are criminals or disloyal to the company. 
They will generally try to keep the victim from talking to anyone until their demands are met.<\/li>\n<\/ol>\n<div id=\"attachment_50865\" style=\"width: 1001px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2024\/03\/28125609\/how-to-spot-and-prevent-boss-scams-01.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-50865\" class=\"size-full wp-image-50865\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2024\/03\/28125609\/how-to-spot-and-prevent-boss-scams-01.png\" alt=\"Example of a scam email from a fake boss\" width=\"991\" height=\"409\"><\/a><p id=\"caption-attachment-50865\" class=\"wp-caption-text\">Example of a scam email from a fake boss<\/p><\/div>\n<h2>Objectives of the attack<\/h2>\n<p>\nDepending on the victim\u2019s position and level of income, an attack may pursue different goals. If the victim is authorized by the company to execute financial transactions, the scammers will try to talk them into making an urgent <a href=\"https:\/\/www.casino.org\/news\/gaming-regulators-warn-casinos-about-scam-where-workers-steal-cash\/\" target=\"_blank\" rel=\"nofollow noopener\">secret payment<\/a> to a vendor, such as a law firm, for help in resolving the supposed problem \u2014 or simply into moving the company\u2019s money to a \u201csafe\u201d account.<\/p>\n<p>Employees who don\u2019t handle the company\u2019s money can be targeted by attacks that go after either company data, such as passwords to internal systems, or the employee\u2019s own funds. Scammers may come up with dozens of backstories, ranging from an accounting data leak that jeopardizes the victim\u2019s account, to a need to plug the company\u2019s cash gap until an audit is done. 
In the latter case, the victim is asked to use their own money in some way: transfer it to another account, pay for <a href=\"https:\/\/timesofindia.indiatimes.com\/city\/delhi\/boss-scam-casts-its-web-wide-dupes-many-firms\/articleshow\/97808887.cms\" target=\"_blank\" rel=\"nofollow noopener\">gift cards<\/a> or vouchers, or withdraw it and hand it to a \u201ctrusted person\u201d. For greater persuasiveness, the scammers may promise the victim generous compensation for their expenses and effort \u2014 only later.\n<\/p>\n<h2>Convincing level of detail<\/h2>\n<p>\nSocial media posts and numerous data leaks have made it much easier for fraudsters to launch carefully prepared, personalized attacks. They can find the full names of the victim, their immediate senior, the CEO, and employees in the relevant departments (such as accounting), along with the exact department names, as well as pictures of these individuals for convincing instant messaging profiles and, if needed, even voice samples for audio deepfakes. If there\u2019s big money at stake, the scammers may invest significant time in making the charade as convincing as can be. In <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-320a\" target=\"_blank\" rel=\"nofollow noopener\">some previous cases<\/a>, attackers even knew the locations of company departments inside buildings and the positions of individual employees\u2019 desks.\n<\/p>\n<h2>Technical side of the attack<\/h2>\n<p>\nSophisticated schemes like this nearly always include a phone call from the scammers; however, the initial \u201ccall from the boss\u201d may also come in the form of an email or instant message. In simpler versions of the attack, the scammers just create a new instant messaging or email account in the manager\u2019s name, while in more sophisticated cases they break into the manager\u2019s real corporate email or personal accounts. 
Both variants belong to the family of <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-bec-attack\/34135\/\" target=\"_blank\" rel=\"noopener nofollow\">BEC (business email compromise) attacks<\/a>; the second is the harder one to spot, because the messages genuinely originate from the manager\u2019s own mailbox and carry none of the usual signs of forgery.<\/p>\n<p>As for phone calls, scammers often use caller ID spoofing services or hijack the number itself through <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-sim-swapping\/50797\/\" target=\"_blank\" rel=\"noopener nofollow\">SIM swapping<\/a> \u2014 the victim\u2019s caller ID then displays the company\u2019s general phone number or even their boss\u2019s own. The number shown for an incoming call is set by the caller\u2019s side and is not an authentication mechanism, so on its own it proves nothing.<\/p>\n<p>Malicious actors may use <a href=\"https:\/\/www.kaspersky.com\/blog\/audio-deepfake-technology\/48586\/\" target=\"_blank\" rel=\"noopener nofollow\">deepfake voice generators<\/a>, so a familiar voice on the other end of the line can\u2019t guarantee the caller\u2019s authenticity. Schemes like these may even use video calling where the caller\u2019s face <a href=\"https:\/\/www.kaspersky.com\/blog\/getting-ready-for-deep-fake-threats\/48193\/\" target=\"_blank\" rel=\"noopener nofollow\">is also a deepfake<\/a>.\n<\/p>\n<h2>Protecting yourself against scammers<\/h2>\n<p>\nFirst and foremost, attentiveness, and the nerve to verify the information despite the scammers\u2019 threats, are what protect you against this kind of attack.<\/p>\n<p><strong>Take it slow, and don\u2019t panic.<\/strong> The scammers aim to knock you off balance. Keep calm and double-check all the facts. Even if the other party insists you don\u2019t hang up the phone, you can always pretend that the call dropped. This will buy you some time to do more fact-checking.<\/p>\n<p><strong>Pay attention to the sender\u2019s address, phone, and user name. <\/strong>If you\u2019re used to corresponding with your boss by email, but then you suddenly get an instant message in their name from an unfamiliar number, it\u2019s time to prick up your ears. 
If you\u2019ve always talked on an instant messaging app and a new message arrives with no chat history, someone is writing from a newly created account, which is a major red flag. Unfortunately, cybercriminals sometimes use lookalike email addresses (a swapped letter, or a domain that differs from the real one by a character or two) that are hard to tell from the real ones, or hacked email or instant messaging accounts. All of this makes detecting forgery much more difficult.<\/p>\n<p><strong>Pay attention to small details.<\/strong> If a person you know approaches you with an odd request, is there anything about the situation that tells you that the person may be an impostor? Do their emails look slightly unusual? Are they using uncharacteristic figures of speech? Do you usually address each other by first names, but they\u2019re using a formal form of address? Try asking them something only the real person could know, but bear in mind that well-prepared scammers may have done their homework, so this is no substitute for verification through another channel.<\/p>\n<p><strong>Raise a red flag if you get an unusual request.<\/strong> If your boss or coworker is urgently asking you to do something unusual \u2014 and to keep it a secret to boot \u2014 this is nearly always a sign of a scam. Therefore, it\u2019s critical that you <strong>verify the information you get <\/strong>and <strong>confirm the other party\u2019s identity.<\/strong> The least you can do is contact that person using a different channel of communication. Talking in person is best, but if this isn\u2019t a possibility, call the office or home number you already have saved, or type in a number you know to be correct; don\u2019t just dial the last incoming number, or you will be circling back to the scammers. Use any other channels of communication available. 
The cell number that called you \u2014 even if it\u2019s the real number you have saved for your boss or coworker \u2014 might have been compromised through SIM swapping or simple phone theft, or the displayed number may simply have been spoofed.<\/p>\n<p><strong>Check with your coworkers.<\/strong> Even though you\u2019ve been asked to \u201ckeep it all confidential\u201d, depending on the nature of the request it rarely hurts to verify the information with your coworkers. If you get what appears to be a message from someone in accounting, contact other people in the same department.<\/p>\n<p><strong>Warn your coworkers and law enforcement.<\/strong> If you receive such a message, it means scammers are targeting your organization and coworkers. If their tricks don\u2019t work on you, they\u2019ll try the next department. Warn your coworkers, warn your security team, and report the attempted scam to the police.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Got a message from your boss or coworker asking you to &#8220;fix a problem&#8221; in an unexpected way? Beware of scammers! 
How to protect yourself and your company against a potential attack.<\/p>\n","protected":false},"author":2722,"featured_media":33045,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2670,9],"tags":[3222,19,80,3432,3719,76,422,131],"class_list":{"0":"post-33042","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-bec","10":"tag-email","11":"tag-fraud","12":"tag-hr","13":"tag-instant-messaging","14":"tag-phishing","15":"tag-threats","16":"tag-tips"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-to-spot-and-prevent-boss-scams\/33042\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-to-spot-and-prevent-boss-scams\/27235\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/22541\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/11532\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/29909\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-to-spot-and-prevent-boss-scams\/27407\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/27130\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/how-to-spot-and-prevent-boss-scams\/29819\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/how-to-spot-and-prevent-boss-scams\/28628\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-to-spot-and-prevent-boss-scams\/37210\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-spot-and-prevent-boss-scams\/12183\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-to-spot-and-prevent-boss-scams\/50861\/"},{"hreflang":"fr","url":"https:\/\/www.k
aspersky.fr\/blog\/how-to-spot-and-prevent-boss-scams\/21651\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/how-to-spot-and-prevent-boss-scams\/22356\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/how-to-spot-and-prevent-boss-scams\/31043\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/how-to-spot-and-prevent-boss-scams\/36124\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/how-to-spot-and-prevent-boss-scams\/27584\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-to-spot-and-prevent-boss-scams\/33415\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/fraud\/","name":"fraud"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/33042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=33042"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/33042\/revisions"}],"predecessor-version":[{"id":33044,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/33042\/revisions\/33044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/33045"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=33042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=33042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=33042"}],"curies":[{"name":"wp","href":"https:\/\/api.
w.org\/{rel}","templated":true}]}}