The scam is known as a business email compromise (BEC) and has criminals forwarding an email chain to a specific person, seemingly coming from the victim’s boss. That chain then features instructions to send money somewhere. The thread is designed to make everything look legitimate, and often emphasizes that the payment needs to happen quickly and quietly. But in reality it’s all a ploy to get employees to authorize money transfers to scammers. According to cybersecurity researchers at Abnormal Security (via ZDNET), these scammers generally target people working in a company’s finance department. That way they’re more likely to reach someone who can authorize money transfers, and the scammers get to walk away with some cash. It’s also incredibly simple, and surprisingly effective. The FBI claims BEC attacks cost businesses up to $43 billion between June 2016 and December 2021. All scammers need is an internet connection, an email account and a little bit of background research.

This time it’s personal…and urgent

But while BEC attacks have been going on for quite some time, the thread-forwarding method is quite new. Scammers are also personalizing emails and spoofing email addresses to impersonate both company executives and vendors. The whole thing is part of a more sophisticated lure, designed to make it look like your boss is actually asking you to transfer the money. The sense of urgency is also exploited to try and dupe employees into sending the money without questioning the email or double-checking that the request is actually legitimate. Plus, as Abnormal Security notes, many people don’t expect these sorts of emails to bypass businesses’ more secure email protections. But because there’s no malware or malicious code in the emails themselves, they don’t get flagged by antivirus software. That also makes them particularly hard to defend against, and leaves the defense relying on employees being able to spot the scam before transferring any money.
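The traits described above (an impersonated sender, a forwarded thread, urgency or secrecy, and a payment request) can be checked mechanically to mark a message for verification by another channel. This is an added example, not part of the original article; the company domain, executive name and keyword lists are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
EXECUTIVES = {"dana reyes"}      # assumption: names a scammer might impersonate
URGENCY = re.compile(r"\b(urgent|asap|immediately|today|confidential|quietly)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)
FWD_BODY = re.compile(r"^-+\s*(forwarded|original) message\s*-+", re.I | re.M)
FWD_SUBJECT = re.compile(r"\s*fwd?:", re.I)

def bec_indicators(raw: str) -> list[str]:
    """Return the BEC traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = b"\n".join(p.get_payload(decode=True) or b"" for p in msg.walk()
                      if p.get_content_type() == "text/plain").decode("utf-8", "replace")
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    # Display name matches an executive, but the address is outside the company.
    if name.lower() in EXECUTIVES and addr.rpartition("@")[2].lower() != COMPANY_DOMAIN:
        found.append("executive-name-external-address")
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        found.append("reply-to-mismatch")
    if FWD_SUBJECT.match(msg.get("Subject", "")) or FWD_BODY.search(body):
        found.append("forwarded-thread")
    if URGENCY.search(text):
        found.append("urgency-or-secrecy")
    if PAYMENT.search(text):
        found.append("payment-request")
    return found

def needs_verification(raw: str) -> bool:
    """A payment request plus any other trait warrants an out-of-band check."""
    found = bec_indicators(raw)
    return "payment-request" in found and len(found) > 1

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "Dana Reyes" <dana.reyes@example-mail.test>
Reply-To: payments@example-mail.test
Subject: Fwd: Outstanding invoice

Please wire the payment today and keep this confidential.

---------- Forwarded message ----------
From: vendor@supplier.test
"""
BENIGN = 'From: "Sam Lee" <sam.lee@example.com>\nSubject: Lunch\n\nFree on Friday?\n'
```

A hit only routes the message to a human check; it does not replace confirming the request by phone or in person.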

How to protect yourself

The only defense is to make sure that people are aware that these sorts of scams are out there. They should be on the lookout for scams like this, and automatically be suspicious of any communique that asks for money. If one does arrive, be sure to verify its legitimacy through some other form of communication, be it a phone call, instant message or asking in person. Don’t reply to the email, because your message will only go back to the criminals on the other end.



title: “New Email Scam Pretends To Be From Your Boss And It’s Scary Effective” ShowToc: true date: “2022-11-07” author: “Robert Davis”

