MyCert warns of 'Boss Impersonation' scam email

In one sample screenshot, the impersonator asked the recipient to purchase vouchers as a surprise bonus for staff members, claiming the expenses would be reimbursed later. — Image by creativeart on Magnific

So you got an email from your 'boss' asking whether you are in the office?

The Malaysia Computer Emergency Response Team (MyCert) under CyberSecurity Malaysia is urging users to be cautious of such messages.

In a May 12 advisory, MyCert said its Cyber999 Incident Response Centre has been receiving reports from users who were sent suspicious emails by individuals impersonating C-level executives or senior management personnel within their organisations.

It added that the emails were scams employing social engineering tactics designed to manipulate or pressure recipients into complying with requests.

The email typically begins with questions such as “Are you in the office?” or “Are you available?” to test the recipient’s responsiveness.

In one sample screenshot shown in the MyCert advisory, the impersonator asked the recipient to purchase vouchers as a surprise bonus for staff members, claiming the expenses would be reimbursed later.

“Based on our analysis of the emails, the suspicious emails were sent from an email address with the domain name telefonica.net, impersonating C-level executives and other top management personnel within organisations,” MyCert said in the advisory.

It is believed that the legitimate Spanish ISP domain was used to bypass spam filters. Additionally, the sender will utilise a display name closely resembling that of C-level or other top management personnel to fool staff into assuming the emails were genuine.

It also said the emails could be part of a “broader, targeted phishing campaign” involving one or more individuals using multiple email accounts to impersonate company bosses.

Users were advised to adopt good email security practices, including carefully checking the sender’s email address before responding and treating emails requesting sensitive information or urgent action with caution.

Additionally, users are also reminded to verify any sensitive requests through a phone call, official messaging platform, or face-to-face communication.

Cyber999 is a service for Internet users to report or escalate computer security incidents.

Topic:

Cybersecurity Technology Internet Social media

Report a mistake

What is the issue about?

Spelling and grammatical error

Factually incorrect

Story is irrelevant

Thank you for your report!

Related News

The AI wars are having a surprising cybersecurity benefit. Here’s how

Cybersecurity 1d ago

MyCert warns of 'Boss Impersonation' scam email

ELEVATING INDUSTRY-LINKED EDUCATION

Others Also Read

Thank you for downloading.

MyCert warns of 'Boss Impersonation' scam email

Related Stories

The AI wars are having a surprising cybersecurity benefit. Here’s how

Why ‘compliance’ breeds cybersecurity blindspots

Japan to urgently develop cybersecurity measures due to threats from advanced AI models

Related stories:

Related News

The AI wars are having a surprising cybersecurity benefit. Here’s how

Why ‘compliance’ breeds cybersecurity blindspots

Japan to urgently develop cybersecurity measures due to threats from advanced AI models

ELEVATING INDUSTRY-LINKED EDUCATION

Trending in Tech

Others Also Read

Thank you for downloading.