'Bogus Boss' scammers on the rise

Not content with conning old ladies out of their savings, online fraudsters are now targeting the corporate hierarchy by pretending to be CEOs...

by Andrew Saunders
Last Updated: 20 Jul 2016

According to new figures from Action Fraud (which it turns out is the UK’s national fraud and internet crime reporting agency), a total of 994 cases of so-called ‘Bogus Boss’ fraud were reported to them in the six months from July last year. And given that reporting rates for online scams of this kind are still voluntary, we can be pretty sure that the true rates are very much higher.

In case you haven’t come across them before, Bogus Boss frauds sadly don’t involve someone in a stick on moustache and wig impersonating the CEO at board meetings.  Rather they are a sophisticated new variation on those old phishing emails which purported to come from one of your friends who had inexplicably got themselves stuck in downtown Lagos without a cent to their names.  

The CEO scammers’ updated MO is to contact a member of the target firm’s accounts team and spin them a line about a secret takeover deal or a rush payment to a consultant, then give instructions that a large sum of money needs to be quickly transferred from the corporate accounts without anyone else knowing about it.

Written down like that it sounds ridiculous. Surely no-one in a position of authority would fall for such a trick without a call to the real CEO to check that all is above board?

Well, you’d be surprised. One un-named global healthcare firm was taken to the tune of a staggering £18.5m by exactly this technique, says Action Fraud, and even the typical sum – more like £35,000 – is not exactly peanuts.  

No-one likes to gainsay the boss, it seems, and the devil is in the details – great care is taken by the scammers to make sure that the emails they send really do look like they have come from a very senior figure in the company, and targets are equally carefully chosen to be important enough to sign off on substantial sums, but not so important that they are likely to bump into the purported sender on their next trip to the executive washroom. They are then pressured into acting quickly to stop them getting suspicious until it is too late.

Following a spate of cases in France – almost 500m Euros has been taken from French firms in this way since 2010, including big names like Michelin and Nestle – it seems that the phishers are now trying their luck more often on this side of the channel. Payments taken in this way can sometimes be stopped or clawed back at least partially. But often the money - and the fraudsters - simply vanish without a trace.

So next time you get an unexpected email from the CEO demanding absolute confidentiality, it might just be worth calling their office back to check that they really are who they say they are. Or not - your career, your call...

Find this article useful?

Get more great articles like this in your inbox every lunchtime

The traits that will see you through Act II of the COVID crisis ...

Executive briefing: Sally Bailey, NED and former CEO of White Stuff.

What's the most useful word in a leader’s vocabulary?

It's not ‘why’, says Razor CEO Jamie Hinton.

Lessons in brand strategy: Virgin Radio and The O2

For brands to move with the times, they need to know what makes them timeless,...

Why collaborations fail

Collaboration needn’t be a dirty word.

How redundancies affect culture

There are ways of preventing 'survivor syndrome' derailing your recovery.

What they don't tell you about inclusive leadership

Briefing: Frances Frei was hired to fix Uber’s ‘bro culture’. Here’s her lesson for where...