Scammers dupe millions from companies through the “boss scam”
Recently, the Delhi Police (India’s capital) commenced an inquiry into scammers who pretended to be Indigo CEO Pieter Elbers and instructed that airline employees should purchase and send e-gift cards purchased from Amazon.com. According to the information received, a police complaint was filed by an airline official demanding quick action.
In another incident, the top management of a south Indian media institute fell victim to the same kind of fraud when some of his subordinate’s received messages and emails asking for money from the official side.
A mayor of Chennai, the capital of a south Indian state, also fell victim to the same kind of fraud, where scammers used her image as a WhatsApp display picture and asked her employees to buy e-gift cards from Amazon and send them to her.
Experts have named these kinds of frauds “boss scams,” where the attacker will send an email or message to the target, pretending to be the boss or a higher-level executive. The message will often request that the target perform an action, such as transfer funds or share sensitive information. The scammer may use social engineering techniques to make the request seem legitimate, such as using the boss’s real name or impersonating their email address.
The “BOSS scam” is a type of phishing scam that targets individuals or businesses by posing as a high-level executive or supervisor, such as a CEO or manager, in order to trick the target into performing an action or providing sensitive information. This type of scam is also known as “business email compromise” or “CEO fraud”.
Tips to Avoid Boss Scam
- Verify the received emails.
- Do not click on links or download attachments.
- Double-check the legitimacy.
It’s important to be aware of this type of scam and to exercise caution when receiving emails or messages from high-level executives or supervisors. If you’re unsure whether a request is legitimate, it’s best to verify the request directly with the executive or supervisor in question, either by phone or in person. Additionally, it’s important to follow good cybersecurity practices, such as using strong passwords and keeping your software up-to-date, to help protect against scams and other cyber threats.