What is Boss Scam & How to Avoid It?

A boss scam is a phishing or smishing scam in which hackers send fraudulent texts impersonating the boss. Information gathered through such scams can then be used for illegal activities, data theft and identity theft. Such scams are on the rise, and it is imperative for employees to be cautious while conducting transactions or acting upon these emails.

How Does the Boss Scam Work?

Cybercriminals gain access to official mailboxes, employee email IDs, and personal information by hacking into the executive’s mailbox. They then use these official IDs to send emails or text messages to employees, asking for funds or gift cards, or even compelling the employee to share personal information under the guise of official business. Since the communication comes from the official mailbox or number, unsuspecting employees give in and fall prey to the hackers’ tactics.

The psychology behind these scams is that an employee is more likely to engage with a malicious email if it appears to come from a person in a position of authority. Posing as the boss puts pressure on the worker to act with urgency, compromising judgement and skipping due diligence. Staff are less likely to question anything that comes from their bosses, and they act on such instructions quickly. This psychological manipulation lets fraudsters execute a relatively low-cost, low-tech fraud in a simple manner. Scammers also use public information about the organization, taken from the company website or its LinkedIn profile, to add legitimacy to their requests.

Once they have deceived the employee and received the payment requested in the mail or text, they transfer it into mule accounts to make the flow untraceable.

Tips to Avoid Boss Scam

It can be difficult to push back against someone who seems to be your boss, which makes it easy to become a victim of such seemingly genuine requests. However, here are a few things that employees can do to protect themselves from boss scams:
  • Verifying emails: If the content or language of the email raises the slightest doubt in the minds of subordinates, they must directly check its authenticity with the boss who has apparently sent it. The same applies if the email address looks suspicious. This must be done before any action on the mail or text is taken.
  • Do not click on links or download attachments: Scammers may insert attachments and links in the mail body under misleading titles, such as the names of important documents. This makes it easier for them to take over a system by installing malware or carrying out ransomware attacks. Links that seem out of place might redirect the employee to a page asking for passwords or other personal information, which they must absolutely refrain from entering.
  • Pause and research: Hackers use aggressive tactics like compelling the employee to act urgently and threatening them with negative repercussions to the job. It is important to stop at such a point and consider whether the content is actually what the boss is likely to say. Information should be verified directly by the employee.
  • Double-check the legitimacy: It is a known truth that no business or any genuine person will accept payments through gift cards from an employee. These payment methods are hard to track, which is precisely why hackers use this technique to deceive employees.
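
The checks in the list above can also be run automatically over reported or incoming mail. The following Python is an added example, not part of the original article; the executive directory, keyword lists and sample messages are constructed assumptions.

```python
import re

# Constructed directory: executive display name -> real address (assumption).
EXECUTIVES = {"priya raman": "priya.raman@example.com"}

# Keyword lists are illustrative assumptions, tune them to your own mail.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap|confidential)\b", re.I)
PAYMENT = re.compile(r"\b(gift\s?cards?|wire transfer|transfer (the )?funds|bank details)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def indicators(msg):
    """Return the set of boss-scam indicators present in one message dict."""
    found = set()
    addr = msg["from_addr"].strip().lower()
    known = EXECUTIVES.get(msg["from_name"].strip().lower())
    if known and addr != known:
        found.add("sender_mismatch")      # boss's name, someone else's address
    reply_to = msg.get("reply_to", "").strip().lower()
    if reply_to and reply_to != addr:
        found.add("reply_to_mismatch")    # answers are diverted elsewhere
    text = msg["subject"] + "\n" + msg["body"]
    if URGENCY.search(text):
        found.add("urgency")
    if PAYMENT.search(text):
        found.add("payment_request")
    if LINK.search(text) or msg.get("attachments"):
        found.add("link_or_attachment")
    return found

def needs_verification(msg):
    """True when the request should be confirmed with the boss on another channel."""
    found = indicators(msg)
    # A payment or gift-card request always needs confirmation: a hijacked
    # mailbox passes every sender check, so the address alone proves nothing.
    return "payment_request" in found or len(found) >= 2

# Constructed sample messages (not real mail).
SAMPLES = [
    {"from_name": "Priya Raman", "from_addr": "priya.raman@mail-example.test",
     "subject": "Urgent", "body": "Buy 5 gift cards right away and send me the codes."},
    {"from_name": "Priya Raman", "from_addr": "priya.raman@example.com",
     "subject": "Quick favour", "body": "Please wire transfer the vendor payment today."},
    {"from_name": "Priya Raman", "from_addr": "priya.raman@example.com",
     "subject": "Team meeting", "body": "Moving our weekly sync to 3 pm on Thursday."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], sorted(indicators(m)), needs_verification(m))
```

The second sample passes the sender check because it comes from the genuine address, yet it is still flagged, which matches the case where the executive’s mailbox itself has been compromised.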

Conclusion

If any suspicion is raised in the employee’s mind, it should be reported at once. A complaint can be filed with the cybercrime cell, where action will be taken to determine the identity of the scammer. The government is taking swift action to create stringent controls and a better redressal mechanism for such scams.

About SNS

Secure Network Solutions (SNS) provides a quantifiable, risk-based approach to building a global structure of cybersecurity infrastructure based on internationally recognized frameworks and practices. We have been providing cyber security services and catering to clients across industries for the last 22 years. Write to us at [email protected] or visit us at www.snsin.com.
Swathi
Author

Working IT professional and a Cyber Security enthusiast. Passionate about writing on Cyber Security topics and solutions. I share my insights as I study articles and trending topics in the field of Cyber Security.