Boss/CEO Message Scam: How to Recognize and Avoid Them

by White Point Digital

April 22, 2024

Have you ever heard of the “boss scam”? We experienced it firsthand! Our new hire received an email and a text message, both from senders pretending to be employees in our upper management.

What makes this scheme so tricky is how it plays on the newness of the boss/employee relationship. The new hire gets an urgent email from their boss and wants to make it their top priority. Scammers capitalize on this desire and try to use fear to get them to do things for their “boss”. Usually, they will email employees and ask them to purchase gift cards to send to them, or to send data or private information about the company.

How are scammers getting away with it?

Using bots, the scammers collect data from hiring platforms or social media accounts on LinkedIn and Indeed, and then compile lists of new employee contact information using public record searches. They gather information about the company, the employee’s boss, and whatever else they can get their hands on. Then they create email addresses that are nearly identical to the real ones by changing one letter or number, which can be surprisingly deceptive. The scammer will often start by emailing to ask for the employee’s phone number, or by texting them, so that they can stay off the radar.

How can you prevent the scam?

The short answer? You can’t prevent it from happening. As long as there is email there will always be phishing scam attempts. We unfortunately foresee these scams becoming more and more sophisticated with the help of Generative AI and Large Language Models. However, there are ways to keep them from wreaking havoc in your company. The best defense is to educate employees on how to discover these scams before they can cause damage. Let’s go through some tips that may help employees protect themselves and the company from these kinds of scams.

Verify the source of messages.

Get into the habit of checking whether email addresses and phone numbers are valid and consistent with company directories. Scammers can work full-time to learn how to impersonate someone through email, but double-checking the email addresses can go a long way to stop them before they can start. If you save your boss’s correct phone number in your phone, you will always know whether they are actually the one texting you. If something seems out of the blue or a little off, always check the communication source.
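For teams that want to automate the directory check, here is a small Python sketch, added as an illustration and not part of the original article. It compares a message’s From header against a company directory and flags addresses that differ from a real one by a single character, and it goes one step further by also flagging a boss’s name on an address that is not in the directory. The directory entries, the example.com domain and the sample headers are constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed directory: display name -> real address (example.com is a placeholder).
DIRECTORY = {
    "Dana Reyes": "dana.reyes@example.com",
    "Sam Okafor": "sam.okafor@example.com",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: each insert, delete or substitution costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header: str, directory=DIRECTORY, max_distance: int = 1) -> str:
    """Classify a From header as 'known', 'lookalike', 'name-mismatch' or 'unknown'."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    known = {a.lower() for a in directory.values()}
    if addr in known:
        return "known"
    # One changed, added or dropped character compared with a real address.
    if any(edit_distance(addr, real) <= max_distance for real in known):
        return "lookalike"
    # A directory name attached to an address the directory does not list.
    if name.strip().lower() in {n.lower() for n in directory}:
        return "name-mismatch"
    return "unknown"

# Constructed sample headers.
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes@examp1e.com>",
    "Dana Reyes <dana.reyes.office@mail.example.net>",
    "Newsletter <news@vendor.example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

A “known” result only means the address matches the directory. It does not prove the message was really sent from that mailbox, so an unusual request still deserves a check through another channel.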

Scrutinize the content of the message itself.

Sometimes it’s obvious when you are getting scammed. Everyone has received the kind of wonky email that immediately screams: HELLO MY NAME IS SCAM. However, it’s not always staring you right in the face – sometimes it is way more subtle. If something feels off, reread it and ask yourself: Are there grammatical and spelling errors? Does the request really sound plausible? If it doesn’t seem like a regular request, check with your boss in person or through a different message thread to verify. If your employees know that you won’t hesitate to confirm a request is actually from you, they’ll feel more comfortable reaching out when something suspicious lands in their inbox.

Beware if there’s a sense of urgency.

Scammers love to create a sense of urgency. This helps them get what they want more quickly, and it makes it harder for a victim to think things through long enough to figure out that something is going on. If you are the boss, let your employees know that you prefer to give them plenty of time to complete tasks, and tell them to be wary of emails demanding unusually immediate or secretive actions. Sometimes scammers will make it seem as though the boss’s job is on the line, or that if the employee tells anyone they will lose their own job. These subtle threats create secrecy and urgency, which is a big red flag.

Only open trusted attachments.

As a general rule, never click links or open attachments from suspicious communications. Anytime there is an email with an attachment, get in the habit of scrolling up to double-check that you recognize the sender’s email address and are familiar with the topic enclosed.

The moral of the story?

There will always be new, different ways scammers discover to wiggle their way into our inboxes, but a little training can go a long way. Make sure to include scam detection as part of your onboarding process since new employees are often the most susceptible to these types of scams. If you or someone you work with has been a victim of a workplace scam, you can report it to BBB.org/ScamTracker and make sure everyone in the company is alerted to the potential threat moving forward. 
