Your Next Fraudulent E-Mail May Come From Your Boss

If I received an urgent e-mail from Boss Meg telling me to send a $9,000 wire transfer to Consumerist’s fedora vendor, I would know that it was some kind of scam. Paying our bills isn’t part of my job, so clearly that isn’t an e-mail that I would receive. What if that were my job, though? Companies have reported losing an average of $55,000 to a scam exactly like this, wiring money to mysterious entities who forge e-mails from the boss.

Companies do conduct a lot of business by e-mail, which is what makes this scam so scary. A fraudster might also pose as an existing vendor sending in new “account information” that goes somewhere else entirely. The goal of this scam is simple: pretend to be the boss and ask employees to send money as a fake vendor payment or investment. Once the money is sent, it will be almost impossible to recover.

Companies targeted by this scam are generally in North America or the United Kingdom, deal with vendors in other countries, and routinely send out large payments, so the errant payment might even go unnoticed for long enough that it can’t be traced. According to the Internet Crime Complaint Center, the largest fraudulent payment sent was more than $800,000.

There are ways to prevent such things from happening in your workplace: make sure that multiple people have to authorize large transactions. Carefully check return addresses on messages that you receive, and even look at the headers to make sure that the message originated where it was supposed to. Require purchase orders approved by a manager for all big expenditures. Also, be wary of any transaction that you’re told is absolutely urgent, or that needs to be kept secret from other people in the organization.
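
The header check described above, as an added example that is not part of the original article: it compares the From domain with Reply-To and Return-Path and reads the SPF, DKIM and DMARC results recorded in Authentication-Results. Both messages and the example.* domains are constructed, and the code assumes your own mail gateway writes the Authentication-Results header; a finding is a reason to verify by another channel, not proof of fraud.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (example.* domains are placeholders).
SPOOFED = """\
Return-Path: <bounce@example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com
From: "Boss Meg" <meg@example.com>
Reply-To: meg@example.org
To: ap@example.com
Subject: Urgent wire transfer

Please send the payment today and keep this between us.
"""
CLEAN = """\
Return-Path: <meg@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Boss Meg" <meg@example.com>
To: ap@example.com
Subject: Lunch

See you at noon.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Return a list of reasons to verify the message out of band."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # Reply-To and Return-Path should normally share the From domain.
    for name in ("Reply-To", "Return-Path"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # Results recorded by the receiving server (assumed: your own mail
    # gateway writes this header and strips copies sent by outsiders).
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    if not auth:
        findings.append("no Authentication-Results header")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech}={m.group(1)}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, check_headers(raw))
```

Legitimate bulk mailers often use a different Return-Path domain, so treat that finding as weaker than a failed DMARC result or a Reply-To that points elsewhere.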

A bossy business scam [Federal Trade Commission] (via Bloomberg Businessweek)
BUSINESS E-MAIL COMPROMISE [Internet Crime Complaint Center]