Phishing technique: Message from the boss


Is it possible for you to ignore an email sent by your boss? Phishers believe that you probably would not, and this is the reason they are getting better at mimicking them. According to the FBI, there has recently been a surge in “CEO fraud,” an email scam where fraudsters spoof a message from the boss to trick people working in the organization into sending money to an untrusted source. According to an FBI estimate, companies have suffered losses of $2.3 billion due to email scams over the past three years.

The scam can be difficult to spot. Email security company Vade Secure stated that scammers might write just like your boss and they might even congratulate you on your new promotion or ask how your recent vacation went, but they could just be phishers who want funds or to know company secrets.

In this article, we will shed light on how the phishing type “message from the boss” works. We’ll look at how to spot the potential red flags, some examples of this scam, the methods of attack and what preventive measures are available to you.

How does this scam work?

Typically, this scam works in three steps:

  1. Scammers attempt to find names of corporate executives (the boss, the CEO, high-ranking supervisors), their emails, usernames, passwords and job functions
  2. They impersonate a trusted boss and send email to subordinate employees
  3. They try to obtain or withdraw money sent by the victims; to this end, they may even need third-party assistance

According to Vade Secure, fraudsters simply create fake email accounts using free services such as Yahoo, MSN or Gmail under the names of executives.

Scammers mostly bet that the targeted employees are careless about noticing the full email address. If they are viewing messages on a mobile (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: