When your boss emails you to transfer money, what do you do?

Earlier today, M, the treasurer at our society, received an email apparently from B, the former president of the society. Look at the header in graphic 1: it shows B's name and B's usual email address. In the email, "B" asked M to initiate a payment of $2950 to a vendor that same day.
Graphic 1
M followed correct procedure and hit 'reply', asking B for more details. What she did not see at the time (because many email apps show only the sender's display name and do not show where a reply will actually be sent) was that her message was not going to B's usual email address at all, but to 'chairboard777@yahoo.com' - a scammer.
Graphic 2
The scammer then replied to M, again using B's name and usual email address, telling her to make the payment for a fake event.
Graphic 3

Fortunately, M then emailed the current president and asked for approval, because (unknown to the scammer) B is no longer the president of the society. The current president checked with the real B, and we quickly established that this was a scam. That was a close call: if B were still the president, "his" email would have looked like a legitimate approval of the transaction, and no second person would have been asked.


This was a classic example of 'whaling', a special type of email 'phishing' that impersonates high-ranking people such as CEOs, bosses and managers, even politicians and celebrities. Whaling emails and websites are highly customized and personalized, often incorporating the target's name, job title or other relevant information gleaned from a variety of sources (http://searchsecurity.techtarget.com/definition/whaling). This scammer did his homework: he had the names and addresses of our (ex) president and treasurer, and knew which one of them handles the money.

What to do

When you receive any payment instruction that appears to come from your boss, do not hit 'reply'. Instead, create a new email addressed to your boss using the address you already have for them, forward the message and ask for confirmation, or pick up the phone. The scammers have set the message up so that all replies are diverted to an address they control, even though the message itself still appears to come from your boss. I also do this when I receive instructions to click on a link or an attachment, apparently from my boss or colleagues, because scammers use the same method to spread malware.
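As an added example (not code from the original post, and not something M's email app did), the following Python script uses the standard library's email package to show where hitting 'reply' would actually send a message, which is exactly the detail M's client hid from her, and to flag a From header whose display name shows one address while the real sender is another. The post does not show the raw headers, so it is an assumption that the scammer used either a Reply-To header or an address hidden in the display name; both variants are modelled. All three sample messages, the names and the domains are constructed for illustration; the only detail taken from the post is the reply address chairboard777@yahoo.com.

```python
"""Check where a 'Reply' would really go before trusting a payment request.

Added example, not code from the original post.  Only Python's standard
email package is used; every message below is constructed for illustration.
"""
import email
import re
from email.utils import getaddresses, parseaddr

# Constructed sample messages.  The only detail taken from the post is the
# scammer's address chairboard777@yahoo.com; names, domains and subjects are
# invented.  The post does not show raw headers, so both common ways of
# redirecting replies are modelled (assumption, not what the post confirms).

# Variant 1: a genuine-looking From plus a Reply-To that points at the scammer.
REPLY_TO_SCAM = b"""\
From: B Expresident <b.expresident@example-society.org>
Reply-To: B Expresident <chairboard777@yahoo.com>
To: M Treasurer <m.treasurer@example-society.org>
Subject: Payment needed today

Hi M, please initiate a payment of $2950 to a vendor today.
"""

# Variant 2: the real sender is the scammer; the display name carries the
# expected address, so a client that shows only the name looks right.
DISPLAY_NAME_SCAM = b"""\
From: "B Expresident <b.expresident@example-society.org>" <chairboard777@yahoo.com>
To: M Treasurer <m.treasurer@example-society.org>
Subject: Payment needed today

Hi M, please initiate a payment of $2950 to a vendor today.
"""

# A message with nothing odd about it, for comparison.
LEGIT = b"""\
From: B Expresident <b.expresident@example-society.org>
To: M Treasurer <m.treasurer@example-society.org>
Subject: Agenda for Thursday

Agenda attached, see you then.
"""

# Matches an email address embedded in free text such as a display name.
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def reply_targets(msg):
    """Addresses a plain 'Reply' would be sent to.

    Mail clients follow RFC 5322: use Reply-To when present, otherwise From.
    """
    headers = msg.get_all("Reply-To") or msg.get_all("From") or []
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def check_message(raw):
    """Return the real sender, where a reply would go, and a list of findings."""
    msg = email.message_from_bytes(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    targets = reply_targets(msg)
    findings = []

    # Finding 1: hitting Reply sends the answer somewhere other than the sender.
    for target in targets:
        if target != from_addr:
            findings.append(f"reply would go to {target}, not to sender {from_addr}")

    # Finding 2: the display name contains an address that is not the real one.
    for shown in ADDR_RE.findall(display_name):
        if shown.lower() != from_addr:
            findings.append(
                f"display name shows {shown.lower()} but the real sender is {from_addr}"
            )

    return {"from": from_addr, "reply_to": targets, "findings": findings}


def is_suspicious(raw):
    """True when a reply would be diverted or the shown address is not the real one."""
    return bool(check_message(raw)["findings"])


if __name__ == "__main__":
    samples = [("Reply-To scam", REPLY_TO_SCAM),
               ("display-name scam", DISPLAY_NAME_SCAM),
               ("legitimate", LEGIT)]
    for label, raw in samples:
        result = check_message(raw)
        print(f"{label}: sender {result['from']}, reply goes to {result['reply_to']}")
        for finding in result["findings"]:
            print("   !", finding)
```

Run it as-is and both scam variants are flagged while the legitimate message is not. The same two checks can be run over a mailbox export, but they only catch a diverted reply; a message whose From address has itself been forged or whose account has been compromised passes both, which is why the out-of-band confirmation above (a fresh email to the address you already hold, or a phone call) remains the real control.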


