How easy is it to steal money from your business? The Fake Boss Scam.

As cyber-attacks increase, more and more small businesses are reporting breaches. The types of cyber-attacks are evolving. The reason they evolve is because a cyber-attack works best when no one knows what it is. The reason cyber-attacks stop working is because people catch on to common techniques.

Having money stolen from your business may be easier than you think.

The Fake Boss Scam involves manipulating your employees into sending money to a foreign account by impersonating a company director or senior staff member.
It starts with an email to your finance department requesting an urgent payment. The reason for this payment could be ‘to buy a company’ or to ‘secure an important contract’. Many phone calls may also be placed around this email too, supporting the claims. The goal is to make the employee make a quick decision and transfer the money without thinking. Urgency, pressure, and aggression can be used in the communications to achieve this.

An accountant of the small business Etna (which makes industrial equipment) was a victim of this scam. Their accountant received a call around 9am on a Friday morning explaining that she will receive an email from the company’s president, and that she’s going to give instructions to conduct a very confidential transaction. Within an hour, the accountant received 10 emails and a few phone calls, and transferred £372,000.00. Luckily, three of the transfers were held up by their banks. However, one payment of £88,783.00 was successfully transferred.

Why is this technique effective?

• It’s easy to find out the hierarchical structure of an organisation due to websites such as LinkedIn. All they need to do is to impersonate a CEO or senior staff member (or anyone who has the authority to initiate a payment) in an email.
• Because It is a targeted attack, the persecutors are often knowledgeable about your business.
• It manipulates the victim to perform an action without thinking by using urgency, pressure and often aggression.
• Because it doesn’t need attachments carrying malware, it can more easily bypass spam filters and antivirus systems.

The best way to fight Scams, hacks and malware is to prevent it. Think about educating your staff and implementing protection and security procedures. If you would like to have a quick consultation about your security and what can be done to strengthen it, call us today on 01273 806211, or visit our network security page in the link below.


Take Me to the Ingenio Technologies Network Security Page



Written by Simon Smyth