Bogus Boss | Royal Bank of Scotland

Bogus Boss

Have you received an unusual urgent request to transfer funds from a senior member of staff?

What is Bogus Boss?
  • Also known as spoofing. Bogus emails are sent to staff claiming to be from a senior member of staff within the organisation, such as a Director, CEO or Chairman, requesting an urgent payment.
  • They will often say that the payment is needed due to exceptional circumstances and needs to be carried out immediately.
  • The email appears to be genuine as the fraudsters research the company details and locate the senior managers’ details; they then use these for the email address.
  • They can either make an email address look like it is genuine or hack into a user's email account directly.
  • Thinking it is a genuine request, and often not wanting to question a senior director or CEO, the employee completes the payment as instructed and the funds are withdrawn by the fraudster.


Spot the fraud
  • The email appears to be genuine as the fraudsters research the company details and locate the senior managers’ details; they then use these for the email address
  • Contact the sender independently to verify the request
  • Do not use any contact details within the request
Protect yourself and your business from Bogus Boss
  • Challenge and question these types of requests, even if they are from someone senior.
  • Contact the sender independently to verify if the request is genuinely from them; don’t use the contact details in the request.
  • Have a specific documented process for the arrangement of payments. Any requests outside of this process, particularly if they are by email, should be treated as suspicious until verified with the individual directly.
  • Enable dual authorisation on Bankline for payments, so that any payment has to be approved by a second user before it is sent.
  • Control which employees are able to make payments on Bankline by reviewing and maintaining user roles and privileges, including setting payment limits.
  • Strengthen passwords for access to email accounts; avoid common phrases and do not use the same password for everything. Your password should contain a mixture of upper and lower case letters, numbers and special characters.
  • Ensure all staff, including the senior directors and CEO, are aware of this type of fraud and remain vigilant. Make sure staff feel able to approach senior members to verify if a request is genuine.
Do you want to report a fraud or cyber crime on Bankline?
If you suspect fraudulent activity on Bankline, call:

UK: 0800 161 5157

Lines open: Monday to Friday, 7am-8pm

To report other suspicious activity, call:

UK: 0800 161 5150

Lines open: Monday to Friday, 7am-8pm

If you need any other help, please contact your Relationship Team.
