What is Bogus Boss?
- Also known as Spoofing, bogus emails are sent to staff claiming to be from a senior member of staff within the organisation such as a Director, CEO or Chairman etc. requesting an urgent payment.
- They will often say that the payment is needed due to exceptional circumstances and needs to be carried out immediately.
- The email appears to be genuine as the fraudsters research the company details and locate the senior managers’ details; they then use this for the email address.
- They can either make an email address look like it is genuine or hack in to a users email account directly.
- Thinking it is a genuine request and often not wanting to question a senior director or CEO the employee completes the payment as instructed and the funds are withdrawn by the fraudster.
Spot the fraud
- The email appears to be genuine as the fraudsters research the company details and locate the senior managers’ details; they then use this for the email address
- Contact the sender independently to verify the request
- Do not use any contact details within the request
Protect yourself and your business from Bogus Boss
Challenge and question these types of requests, even if they are from someone senior.
Contact the sender independently to verify if the request is genuinely from them; don’t use the contact details in the request.
Have a specific documented process for the arrangement of payments. Any requests outside of this process, particularly if they are by email, should be treated as suspicious until verified with the individual directly.
Strengthen passwords for access to email accounts, avoid common phrases and using the same password for everything. Your password should contain a mixture of upper and lower case letters, numbers and special characters.
Ensure all staff are aware of this type of fraud and to remain vigilant, including the senior directors and CEO. Make sure staff feel able to approach senior members to verify if a request is genuine.
If you are a Bankline user, enable dual authorisation for payments, so that any payments have to be approved by a second user before it is sent.
If you are a Bankline user, control which employees are able to make payments by reviewing and maintaining user roles and privileges including setting payment limits.