We share a real-life example of a cyber-attack known as Business Email Compromise, Fake Boss, or CEO Fraud.
The Fake Boss method is a very common way for scammers to defraud UK businesses of thousands of pounds on a daily basis, so please read on.
This morning my payroll manager, Katrin, received an email from “Chris Thomas” advising her that I wanted to change the details my monthly salary was paid into.
Katrin (as our clients will know!) is eagle-eyed, immediately knew it wasn’t from me, and forwarded it on.
Check the email sender’s address
The eagle-eyed amongst you will have spotted that the email has been sent from a Virgin Media email account, set up with my name as the sender. So, you’d think that if you’d received a similar email then you’d smell a rat and know it was an attempt at a scam?
Unfortunately, not so.
According to a BBC article, the FBI estimate that such ‘Fake Boss’ emails have netted scammers £21 BILLION since 2016. The scammers find out the names of directors working in a business, then find out who the payroll or accounts payable people are. Then they get to work starting a conversation that seems real but isn’t.
The traditional targets for Fake Boss attacks are the “C-suite” figures of major companies, such as chief executive officers or chief finance officers. But recently, criminals have been going for lower-hanging fruit.
The people we see being attacked are actually rarely VIPs. Victims tend to have readily searchable emails or easily guessable shared addresses.
In some cases, employees’ emails are spoofed and the attacker asks the human-resources departments to send a victim’s wages to a new bank account – which is exactly what has happened here.
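The check Katrin made by eye, looking past the display name to the actual sending address, can also be run automatically on incoming mail. The sketch below is an added example, not code from the original post; the company domain `example.co.uk`, the name, webmail and keyword lists, and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: replace with your own staff names and domains.
PROTECTED_NAMES = {"chris thomas"}     # people likely to be impersonated
COMPANY_DOMAINS = {"example.co.uk"}    # domains real staff send from
FREE_WEBMAIL = {"virginmedia.com", "gmail.com", "outlook.com", "yahoo.com"}
PAYROLL_HINTS = ("bank details", "bank account", "salary", "payroll", "sort code")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def assess(raw_message):
    """Return the reasons a message looks like a Fake Boss email."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(address)
    name = " ".join(display.lower().split())
    reasons = []
    # A known name arriving from outside the company domain is the core signal.
    if name in PROTECTED_NAMES and sender_domain not in COMPANY_DOMAINS:
        reasons.append("display-name-impersonation")
        if sender_domain in FREE_WEBMAIL:
            reasons.append("free-webmail-sender")
    # Replies diverted to a different domain than the one that sent the mail.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        reasons.append("reply-to-mismatch")
    # Requests touching salary or bank details need confirming by phone.
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    if any(hint in text for hint in PAYROLL_HINTS):
        reasons.append("payroll-change-request")
    return reasons

# Constructed sample messages (not the real email described in this post).
SPOOFED = """\
From: "Chris Thomas" <constructed.sender@virginmedia.com>
Subject: Salary update

Hi Katrin, I have changed banks. Please update the bank details for my salary.
"""
GENUINE = """\
From: Chris Thomas <chris.thomas@example.co.uk>
Subject: Team meeting

Can we move Thursday's meeting to 2pm?
"""

if __name__ == "__main__":
    print(assess(SPOOFED), assess(GENUINE))
```

A message that returns any reason should be held for confirmation with the named person through a channel other than email before any payment details are changed.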
Another method being seen more regularly is scam Fake Boss emails sent on Monday morning. According to Proofpoint, more than 30% of BEC emails are delivered on Mondays as hackers try to capitalise on weekend backlogs. They hope “social jetlag” will mean employees are more easily fooled by fake emails and other social-engineering tricks.
Be aware of your Fake Boss
So, please be on your guard about the Fake Boss scam and other attempts by fraudsters to get their hands on your money.
PS. You’ll be pleased to hear we deleted the email and blocked the sender – and you should do exactly the same.