Bogus boss email scam

CEO Fraud, bogus boss emails, call it what you will.

It's happening now, it's happening to businesses of all shapes and sizes all over the world, and your business is as much at risk as any other.

We're talking about business email compromise: fake but incredibly plausible emails purportedly from the boss, or one of the bosses, requesting that a staff member make a payment to a new supplier.  They're difficult to spot because the scammer has done their homework.  They might know the boss is out of the office or how they sign off their emails, or they might refer to another senior manager in the body of the email.  Before you know it, a payment's been made.  These aren't traditional phishing emails.

US firm Ubiquiti Networks fell foul of this scam last year to the tune of nearly $47 million.  It's not just the big companies, either.  This scam is rife across the entire business world - it doesn't matter what size your company is, you'll be a target.  One scam on a Scottish company recently netted more than £100,000 before it came to light.  Everything about the emails seemed legitimate - there seemed no reason to question the instructions, it was from the boss after all!  Scammers take advantage of the fact we're so busy in our lives - we respond to emails almost as soon as we receive them, keen to react and keep on top of things, particularly now that we can send and receive them on any device.

What can you do about it? 

The reality is that because it's a low-tech scam it actually needs low-tech prevention methods.  These emails don't contain malware or malicious encryption software.  They're difficult to filter because everything about them is designed to look like an internal communication.  They're just conversational emails between a boss and a finance team - it's a psychological fraud.  

Your business procedures therefore need to change to mitigate it.

Information is worth its weight in gold.  Share this blog article and the BBC news links below - let your finance staff know that this kind of thing is going on.  They're smart people - get them on their guard.  The scammers are relying on your staff being busy and under pressure, and on your internal procedures being a little bit less than watertight.

Vigilance is great, but it's only one layer of defence.  What's the best solution for the way you do business?  Two-signature authentication?  Verbal approval?  You need to review your processes to reassure yourself that this can't happen to you.  Even a small dent in your business account could have devastating consequences on your cashflow. 

Never has hesitation been such a good thing!  Do encourage your finance team to hesitate, question and DELAY carrying out instructions to make payments.  Every payment should follow the same authentication procedure.  Every payment.  These scammers aren't just stealing - by fooling your staff they're damaging your business in other ways too.

'Whale' finance fraud hits businesses http://www.bbc.co.uk/news/technology-34570713

The 'bogus boss' email scam costing firms millions http://www.bbc.co.uk/news/business-35250678

Posted by Kirsty McIntosh on Friday, January 15, 2016