Online Scammers Are Impersonating Your Boss Now
Here's a scenario: you receive an email from your boss asking you to make a wire transfer. It's to cover a vendor payment, they say, or maybe a lucrative business investment. At any rate, it is of the utmost urgency, and the email has been marked as such.
But what if the person who claims to be your boss, using what appears to be your boss's email, isn't your boss at all? What if it's one of those Internet scam artists who, up until recently, was more likely to pose as a Nigerian prince or dying lotto winner?
That's exactly what the Federal Trade Commission is warning businesses against in a recent blog post, which exposes the "masquerading" scam that has bilked businesses out of thousands of dollars.
In the scam, the hacker usually poses as a senior executive at the target company, using an email address that's as close to the person's real email as possible. They'll then ask an employee to make a wire transfer to a phony account, typically citing a vendor payment or confidential business investment."The scheme is usually not detected until the company's internal fraud detections alert victims to the request or company executives talk to each other to verify the transfer was made," the Internet Crime Complaint Center (IC3), which suggests Nigeria as the scam's point of origin, wrote in a bulletin.
Most of the targeted businesses are based in the U.S., England, or Canada, the IC3 reported, and engage in international trade, often through China. Average losses hover around $55,000, but some businesses claim to have lost as much as $800,000. And once the money is gone, it is very difficult to get it back.
In all, it's reminiscent of a 2012 phishing scam that found hackers stealing people's personal emails and asking their contacts for funds, claiming to be stranded overseas. In this case, though, the hackers frequently use Gmail, Hotmail, or AOL accounts that only resemble an executive's real email address at a glance.
The FTC suggests that businesses can protect themselves by requiring multi-person approval for wire transfers above a certain dollar threshold, and to seek verification of even the most seemingly urgent requests. Of course, it also follows that you should be on guard if you receive a message from Yourboss29@hotmail.com.