Picture this: You’re relaxing after a long day when you receive a message from your manager saying they need your help with a timely matter. It appears to be nothing out of the ordinary—until that request involves getting them money or sensitive documents as soon as possible. If this sounds like a red flag, you’re correct; this exact scenario describes the start of a fake boss text scam. The good news? Cybersecurity experts say there are clear warning signs that can help you stay one step ahead.
What is a fake boss text scam?
When a supervisor reaches out with a request, most people are happy to oblige—even if that plea seems out of the blue. Sadly, this eagerness to be a team player is what scammers are banking on when they target potential victims.
“Fake boss scams are becoming increasingly common and can put employees in a tough position where they don’t want to say no to a request from their senior leadership,” says Serena Sullivan, PhD, associate professor of cybersecurity at National University. “Artificial Intelligence (AI) is making these even more prevalent, as it can help scrape the internet for data to help make these messages believable.”
So what exactly is this scheme? Essentially, fraudsters pose as managers and other high-level executives to trick employees into sending money or sensitive business information. What the victim doesn’t realize is that they are not being contacted by their real boss—they are actually caught up in a phishing attempt.
How do fake boss scams work? Common variations to watch for
Not only does this scam go by several names (like CEO fraud, boss impersonation and fake boss), it can take different forms, as well.
You may be contacted:
- By email, receiving a message that appears to be from your boss’s official email address
- With a text message from an unknown number, though the recipient quickly clarifies it’s your supervisor
- Via a video or phone call that appears legitimate thanks to AI and voice cloning
All of these communication methods will include some kind of request that needs to be handled right away, such as wiring funds, purchasing gift cards or sending sensitive documents. Then the scammer, posing as an executive or manager, will walk you through how to send them the money or information.
To make the issue seem particularly serious, the “boss” will insist on confidentiality. Employees may believe this is simply a safe business practice, but it’s actually done to encourage victims to not report the crime.
The scary part? You may not even realize you’ve been duped if you don’t have regular contact with the executive or never discuss the matter with your real manager.
Some scammers want company secrets and money, while others are looking for the personal information of other employees to commit identity theft. That’s why recognizing the warning signs and knowing how to respond is your best defense against these schemes.
Key warning signs that your boss’s message might be fake
Since this scam can catch you off guard, experts say being familiar with the most common red flags is a must to protect yourself. Here are the details that will indicate this is a phishing attack:
A high-level senior leader reaches out
“If you’ve had limited contact with your CEO and you get a direct message asking to buy and send images of the gift cards they asked you to purchase, for example, this should be an immediate warning sign to you,” shares Sullivan. “While senior leaders can certainly tap anyone in the company for support, verify with your direct manager if something seems off base. And report it to your IT team immediately.”
The request is urgent
In most of these scams, your “boss” will insist you follow through right away—no questions asked. But it’s actually a good idea for you to pause and evaluate the situation.
“While work emergencies do happen, take a beat and think about the request,” she adds. “Does it seem reasonable and like something you could encounter in your day-to-day work?”
When in doubt, check with other employees on your team and verify the request through a trusted channel such as company email or Slack channel.
You’re told to bypass standard operating procedures
“There are processes in place for a reason,” says Sullivan. “If you’re being asked to do something that goes against that code, it could be a flag that something is amiss!”
The email address is wrong
It’s not unheard of for the scammer to follow up after the call or text with an email to make the scenario seem even more realistic. Before you accept that as a sign the request is legitimate, however, take a closer look at the “from” field in the email.
“Often the scammer will use your boss’ name in the email address, but the domain will not be from your company,” she explains. “For example, if your boss’s name is Jane Doe, and their email is supposed to be jane.doe@yourcompany.com, the ‘from’ field may list jane.doe@gmail.com instead. This is particularly easy to fall victim to on some mobile devices, where the domain is not shown from the preview of the message.”
Tip: View the email header information to see the sender’s full email address.
What to do if you fall for the scam
If you believe you were victimized by a fake boss text scam or phone call, you’ll want to come forward immediately. It may be difficult to admit what happened, but doing so is important to prevent any further damage.
Start by alerting your actual manager and your IT team right away.
“Give them all of the information you have—forwarding the messaging, sharing the number it came from and telling them exactly what you did,” advises Sullivan. “This will help find a solution for the situation at hand.” Along with this, change passwords for any accounts you believe you may have given to the scammer.
It’s also smart to report it to the Federal Trade Commission (FTC). The agency collects information on scams to help prevent future attacks on others.
Finally, consider spreading the word about the scam to your coworkers, as it can keep them from falling into the same trap.
“There’s a good chance that if you’re getting the message, someone else at the company is too,” Sullivan adds.
The bottom line? While scammers are getting more sophisticated, so are the tools to stop them. By staying informed, trusting your instincts and knowing the warning signs, you have everything you need to keep yourself—and your workplace—safe.
