Posted by admin - December 14, 2016 3:11 pm Fraud alert – Bogus Boss
Fraud warning
Be aware that there is yet another scam doing the rounds which has already cost UK businesses millions of pounds.
The name of this scam is called Bogus Boss as it is used by fraudsters to appear as if it is coming from a person in a senior position within the business. The ruse is another part of the ever increasing wave of cyber-crime sweeping the UK.
How does the ‘Bogus Boss scam work?
Fraudsters will find the name of someone senior in a business. They then use software which manipulates the characteristics of an email, including the sender address, to create a fake email which appears to come from the boss and typically gets sent to a member of the business’ finance team.
The email requests urgent payment to a new account and will give a pressing reason for needing the money such as looking to secure a new contract.
If the member of the finance team is not vigilant and makes the payment, funds paid into this new account will end up with the fraudsters who will empty the account immediately.
Criminals use publicly available information, such as Facebook, Twitter and Companies House data, to gain knowledge of target companies such as the names of the senior staff. Fraudsters have also managed to hack the genuine email accounts of those staff to send the fraudulent emails.
To ensure your business is not affected UK banks typically suggest taking the following measures:
- Always question any requests for urgent bank transfers.
- If in doubt, then check with the sender direct. Do not, however, respond direct to the email or use any numbers or email addresses contained therein as this is what the fraudsters want. Instead seek out your colleague directly and check.
- The way in which the request is worded can often be a clue that something is not right. Pay particular attention to the style in which the email is written. Also check the spelling, grammar and use of particular phrases to check if that is the way the genuine person would write. Again, if in doubt check with the individual concerned.
- Use strong internal passwords or even encryption.
- Set up, if you haven’t already, internal procedures and policies for authorising payment and ensure these are adhered to.
- If you receive such an email, make your colleagues aware that a scam of the company has been attempted but do not forward on the fraudulent email in case others click links.
It is a good idea to create a policy for dealing with cyber security issues. There are many places you can go to for further information including the Get Safe Online website or contact your local bank for their advice on how to keep the fraudsters at bay.
Remember – always check first, rather than regret later.