North Van RCMP warns of scam targeting employees

The North Vancouver RCMP are warning the public of an elaborate scheme called Boss scam that targets employees.

The North Vancouver RCMP is investigating at least one report of this type of scam that targeted one of the civilian employees at the detachment. The employee received an email request from their supervisor requesting they purchase an Amazon gift card and provide them with the PIN. Fortunately, the employee recognized that this was a scam and did not purchase the Amazon gift card.

Here’s how it works:

STEP 1 – The scammer scours the Internet for names and emails of a company’s high-ranking supervisors. They’ll also search for job titles, telephone numbers and other important information about the company, to help disguise their request.

STEP 2 – The scammer hacks into the supervisor’s business account or spoofs a similar email domain that’s hard to notice (for example boss@microsoft.com becomes boss@micr0soft.com). Or, they could create a fake email account through G-Mail, Yahoo or another service, and make an excuse for sending something from their personal email. Finally, they could spoof a phone number from your area code and send a text message instead.

Criminals love gift cards, because they’re like cash — only without the money trail. Once the money is used, it’s gone. Gift cards also don’t offer the same protections as other payment methods, like credit or debit cards. Remember, gift cards are for gifts — not payments. No legitimate business or government agency will ever insist that you pay with a gift card.

How to avoid a fake boss scam:

Pause and verify. Scammers create a sense or urgency to prey on your emotions — especially when a boss is involved. Do NOT reply directly to the text or email, instead reach out and confirm the request with your manager through a different email or phone number you trust.

Spoof-proof your company’s email. Work with your IT department to set up security and spam filters on your company email. You should also configure an external email warning that will add a warning message to the top of any emails that come from someone outside of your organization.

Have a robust phishing training program. Provide phishing awareness and training programs to your employee to protect your business. Through tutorials, tests and fake phishing emails, you can gradually train employees to better spot and respond to dangerous threats.