Boss Impersonation - Email Scams

Combat boss impersonation email scams, protect your business from fraud, and enhance security measures with our comprehensive guide on identifying scams.

In the ever-evolving landscape of online fraud, scammers are employing sophisticated techniques to deceive employees and compromise businesses. One such scheme, known as the boss impersonation email scam, targets employees with emails that appear to come from their superiors and that request confidential data or ask them to make unauthorized financial transactions.

Evidence suggests that these scammers often study businesses through websites and services like ZoomInfo and LinkedIn to personalize their approach. They employ social engineering tactics, using that knowledge to make their requests seem legitimate and to navigate conversations smoothly.

Unfortunately, unsuspecting employees can fall victim to these scams, leading to significant financial losses and potential damage to the company's reputation. To ensure the safety of your employees and protect your business, it is crucial to plan ahead for this growing threat.

Understanding Business Email Compromise (BEC) Fraud

BEC is an insidious email scam that primarily targets employees responsible for initiating financial transactions on behalf of their employers. According to the Federal Bureau of Investigation (FBI), BEC fraud has caused more financial losses than any other type of fraud in the United States.

How to Protect Yourself from Email Scams

  • Be mindful of what you're posting on the internet, including social media. If you share stuff like your pet's name, where you go to school, links to your family, and your birthday, you're giving a scammer enough clues to guess your password or security questions.
  • If you get an email or text message you weren't expecting and it's asking you to update or verify your account details, don't click on anything. Instead, look up the company's phone number yourself (don't use the one in the message), and call them to check if the message is actually from them.
  • Always double-check the email address, website address, and spelling in messages you get. Scammers sometimes make small changes to trick you into trusting them.
  • Be careful about downloading stuff. You should never open an email attachment if you don't know who sent it, and be careful with attachments people forward to you.
  • Use two-factor (or multi-factor) authentication for your accounts when you can, and make sure to keep it turned on.
  • If someone asks you for a payment or to buy something, try to check in person or by phone if it's real. If they want you to change your account number or how you make payments, check this with them too.
  • And if someone's trying to rush you into doing something, be extra careful – it's a common trick scammers use.

Set Protocols for Email Scams

Business owners have a responsibility to safeguard their employees from boss impersonation email scams. By taking proactive measures, you can minimize the risk of falling victim to these fraudulent schemes and preserve your company's reputation. Here are some essential steps to consider:

  1. Employee Awareness: Ensure that all employees are educated about boss impersonation scams and the tactics scammers employ. Encourage open communication and emphasize that they should never hesitate to question unusual requests from their superiors. Inform them that their own money should never be used for business purposes without a clearly defined protocol in place.
  2. Establish Clear Protocols: Develop and implement strict protocols for financial transactions, including a robust verification process for any requests made by superiors. Establish specific channels and procedures for communication, ensuring that employees have a reliable way to verify the legitimacy of any unusual or urgent requests.
  3. Ongoing Training and Communication: Regularly conduct training sessions and workshops to keep employees updated on the latest scam techniques and prevention strategies.
  4. Verify Contact Information: Provide guidance on how to verify the legitimacy of emails, such as cross-referencing the email address with internal directories or contacting superiors through alternative means to confirm the authenticity of requests.
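
The directory cross-check in step 4 can be partly automated at the mail gateway or in a triage script. The sketch below is an added example, not part of the original guide: it flags a message whose display name matches a known superior while the address does not, whose sender domain is a near miss of the company domain, or whose Reply-To points to a different domain. The directory, the domain `acme-corp.example` and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory and domain (assumptions for this example).
ORG_DOMAIN = "acme-corp.example"
DIRECTORY = {"jane doe": "jane.doe@acme-corp.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # Display name matches a known superior but the address is not theirs.
    known = DIRECTORY.get(" ".join(name.lower().split()))
    if known and addr != known:
        findings.append("display-name-mismatch")
    # Sender domain is a near miss of the organisation's domain.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    # Replies would go to a different domain than the visible sender.
    if reply_to and reply_to.lower().rpartition("@")[2] != domain:
        findings.append("reply-to-differs")
    return findings

# Constructed sample messages.
LEGIT = 'From: "Jane Doe" <jane.doe@acme-corp.example>\nSubject: Q3 report\n\nSee attached.\n'
LOOKALIKE = 'From: "Jane Doe" <jane.doe@acme-c0rp.example>\nSubject: Urgent wire\n\nNeed this today.\n'
FREEMAIL = ('From: "Jane Doe" <ceo.office@mail.example>\n'
            'Reply-To: payments@webmail.example\nSubject: Gift cards\n\nAre you available?\n')

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE), ("freemail", FREEMAIL)]:
        print(label, check_sender(raw))
```

A finding is a prompt to verify the request through another channel, not a verdict; a clean result does not cover a compromised internal mailbox.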


Protecting your business from scams like boss impersonation requires proactive measures. Partnering with The Blacklist Alliance is a powerful solution, providing many tools, including comprehensive courses to educate your staff and regular updates through weekly emails such as this article to keep you up to date with the latest threats and updated regulations. By joining The Blacklist Alliance, you can equip your employees with the knowledge and tools to identify and prevent fraud, ensuring the security and reputation of your business.