When you get an email from your boss, you probably don’t think twice about its authenticity. And why would you, especially if the email requires you to take action quickly? This need to please is the basis of a new scam which sees conmen trick workers into believing they’ve received an email from senior staff at their workplace – so let’s take a look.
The email is usually sent to staff that work in the firm’s finance department and typically requests that a payment is made urgently to the sender (a conman masquerading as the boss or senior colleague of the company), outside of normal procedure. The message usually implies some sort of pressing matter – for example, the need to secure an important contract. If the employee complies, the money is transferred into an account owned by the fraudster, who then withdraws the funds and cuts all contact with the victim.
The email is made to look genuine with software that manipulates its signature characteristics, such as the sender address. Because of this, there’s seemingly nothing different about the email, and the victim receives it just like any other. Fraudsters haven’t limited themselves to impersonation either: some have hacked into the email accounts of senior staff to send fraudulent emails directly.
Social networking sites like Facebook and Twitter, as well as databases like Companies House, are used to gain information about companies and the senior staff who work there. The scam has been given the title of “whaling fraud” because it targets the ‘big fish’ of business.
Financial Fraud Action UK (FFA) has warned of a rise in this scam in recent weeks, with various companies losing between £10,000 and £20,000 as a result. Katy Worobec, director of FFA UK, said: “While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam.”
Don’t fall for it
You can avoid falling for this particular scam by making sure you do the following:
• Be cautious of any unexpected emails that you receive requesting urgent bank transfers. If the message appears to be from someone in your own organisation, get in contact with them directly (in person or on the phone) to confirm the instruction.
• Look at the email closely - if it contains unusual language or different styling formats to other emails, be suspicious.
• All external emails have the @ sign in the sender’s address and internal ones do not. Set up a rule on Microsoft Office (or another email client) to highlight all emails that come through with an @ in the sender’s address. By doing this, you’ll automatically be able to tell external emails apart from internal ones. You can read instructions on how to set this up here.
• Make sure that all your email passwords are robust and unique.
• Be suspicious of any payment requests made outside of company procedure.
• Have some sort of internal process in place for requesting payments and authorising them.
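The external-sender rule and the urgent-payment warning from the list above can also be checked automatically on raw messages. The following Python is an added example, not part of the original article; the domain `example.com`, the staff name, the keyword lists and the sample messages are constructed assumptions, and because every raw address contains an @, it compares the sender's domain with the organisation's instead.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"        # assumption: the organisation's mail domain
SENIOR_STAFF = {"jane smith"}     # assumption: names a fraudster might borrow
URGENT = ("urgent", "immediately", "today", "asap")
PAYMENT = ("payment", "transfer", "invoice", "bank")

def check_message(raw):
    """Return warning flags for one raw email message (headers + body)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != ORG_DOMAIN:
        flags.append("external-sender")
        # A senior colleague's name on an outside address suggests impersonation.
        if name.strip().lower() in SENIOR_STAFF:
            flags.append("senior-name-on-external-address")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    # Checked for internal senders too: a hijacked account passes the domain test.
    if any(w in text for w in URGENT) and any(w in text for w in PAYMENT):
        flags.append("urgent-payment-request")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Jane Smith" <jane.smith@example.net>\n'
           'Subject: Urgent payment needed\n'
           '\n'
           'Please make this transfer today to secure the contract.\n')
HIJACKED = ('From: "Jane Smith" <jane.smith@example.com>\n'
            'Subject: Invoice\n'
            '\n'
            'Pay this invoice immediately, outside the usual process.\n')
ROUTINE = ('From: "Tom Brown" <tom.brown@example.com>\n'
           'Subject: Team lunch\n'
           '\n'
           'Lunch is booked for Friday at noon.\n')

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("hijacked", HIJACKED), ("routine", ROUTINE)):
        print(label, check_message(raw))
```

A message sent from a hacked internal account only raises the urgent-payment flag, which is why confirming the instruction in person or by phone still matters.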
If you work in an office, why not send this blog to your colleagues so that they’re aware of this new scam as well?