How to Spot Phishing Emails Impersonating Your Boss

Learn how to spot a phishing email impersonating your boss.

Phishing Emails Impersonating Your Boss

Have you ever received an email from your boss asking for a quick favor? Maybe it’s an urgent request for confidential information or a sudden need for gift cards. Before you jump into action, take a moment to look closer. Phishing emails impersonating your boss are becoming increasingly common, and cybercriminals are getting crafty with their latest tricks.

The Face of Phishing

These scammers are spoofing email addresses to make it look like the message is coming from someone important–like your CEO or a trusted partner from another company you work with or have worked with. The name might display correctly, but if you check the actual email address, it’s more than likely an “off” address, like a random Gmail account or a slightly misspelled company domain.

Whale phishing email example: a cybercriminal posing as a decision maker at a company requests a payment of $97,980 by the end of the day.

Another common scam circulating is an email that appears to share a document with you. It might say something like, “John Doe has shared a document with you. Click to see.” The link, however, directs you to a phishing or pharming site designed to steal your login credentials.


Fake shared document email example

They’re Getting Smarter, But Mistakes Still Happen

In the past, phishing emails were often riddled with spelling mistakes and poor grammar, making them easier to spot. While many scammers have improved their tactics–sometimes even using AI tools to polish their messages–errors still slip through. Spelling mistakes, awkward phrasing, or unusual sentence structures can be red flags.

However, even if the email looks polished, there’s another telltale sign: the tone and style of writing. You know how your boss or colleagues typically communicate. If an email’s tone seems off–maybe it’s unusually formal, overly friendly, or just doesn’t “sound” like them–that’s a warning sign. Trust your instincts if something feels out of place.

Why This Works

  • Authority Bias: We’re conditioned to comply with requests from authority figures. When an email seems to come from your boss, you’re more likely to respond quickly without questioning it.
  • Urgency: These emails often create a sense of urgency, pressuring you to act immediately.
  • Familiarity: Using names of people you know adds a layer of trustworthiness to the scam.

How to Spot the Fakes

  1. Check the Email Address: Don’t just look at the sender’s name. Click on it to view the full email address. If it doesn’t match the official company email, be cautious.
  2. Analyze the Tone and Language: Does the email sound like it was written by your boss or colleague? If the tone, wording, or level of formality seems unusual, it might be a scam.
  3. Look for Spelling and Grammar Errors: Many phishing emails still contain mistakes. Typos, incorrect punctuation, and grammatical errors can be signs of a fraudulent message.
  4. Look for Unusual Requests: Be wary if they’re asking for sensitive information, money transfers, or anything that seems out of the ordinary.
  5. Hover Over Links: Before clicking, hover your mouse over any links to see the actual URL. If it looks suspicious or doesn’t match the company’s official website, don’t click.
  6. Unexpected Attachments: Be cautious with attachments you weren’t expecting. They could contain malware.
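Several of the checks above (the display name that does not match the sender's address, the lookalike company domain, the link whose real destination differs from what it claims, and the urgency wording) can be automated on the mail-gateway or help-desk side. The following is an added example written for this page, not code from the original article: it assumes a hypothetical company domain `example.com` and executive names, and the sample message it scans is constructed for illustration.

```python
"""Heuristic checks for boss-impersonation phishing, mirroring the checklist above.

Added example (not from the original article). The company domain, the executive
names and the sample message below are all constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: the organisation's real domain and the display names of its executives.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"Jane Doe", "John Doe"}
URGENCY_WORDS = ("urgent", "immediately", "end of the day", "asap", "gift card", "wire")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Step 1: compare the display name with the address actually used."""
    findings = []
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if name in EXECUTIVES and domain != COMPANY_DOMAIN:
        findings.append(f"display name '{name}' but address domain '{domain}'")
    if domain and domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append(f"lookalike domain '{domain}' (close to {COMPANY_DOMAIN})")
    return findings


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs so the 'hover over links' check can run unattended."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list[str]:
    """Step 5: flag links whose real host is outside the company domain."""
    findings = []
    parser = LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if host and not (host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN)):
            findings.append(f"link '{text}' goes to external host '{host}'")
    return findings


def check_urgency(body: str) -> list[str]:
    """Step 4: urgency and unusual-request cues in the body text."""
    lowered = body.lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    return [f"urgency/unusual-request cue: {hits}"] if hits else []


def analyse(raw_message: str) -> list[str]:
    """Run all checks over one RFC 822 message and return the findings."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    return check_sender(msg.get("From", "")) + check_links(body) + check_urgency(body)


# Constructed sample: executive display name, free-mail address, external "shared document" link.
SAMPLE = """From: "Jane Doe" <jane.doe.ceo@gmail.com>
To: finance@example.com
Subject: Quick favour
Content-Type: text/html

<p>I need this <b>urgent</b> payment wired by the end of the day.</p>
<p>Jane Doe has shared a document with you.
<a href="http://example-com.sharing-docs.test/login">Click to see</a></p>
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print("WARNING:", finding)
```

Each finding maps back to one numbered step, so the output can be pasted straight into the report the IT department receives. The edit-distance threshold of 2 is deliberately loose; tune it against your own domain length, since a very short domain will produce more false positives.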

Reporting Suspicious Emails Safely

If you suspect an email is a phishing attempt, it’s crucial to report it to your IT department safely:

  • Don’t Forward the Email: Forwarding can spread malicious links or attachments to others.
  • Take a Screenshot: Capture a screenshot of the email, including the sender’s address and any suspicious content.
  • Send a New Email: Compose a new email to your IT department and attach the screenshot. In the email, explain why you believe the message is suspicious.
  • Use Built-in Reporting Tools: If you’re using Microsoft Outlook, you can also take advantage of the Report Phishing feature for a quick and secure way to alert the right people.
    • For Outlook Desktop Users:
      1. Select the suspicious email in your inbox (do not open it).
      2. Go to the Home tab.
      3. Click on Report Message (you may need to add this from the Add-ins).
      4. Choose Phishing from the dropdown menu.
    • For Outlook Web Users:
      1. Select the suspicious email.
      2. Click on the ellipsis (…) at the top right corner of the email.
      3. Hover over Security options.
      4. Click on Mark as phishing.

This will automatically report the email to Microsoft and your organization’s security team, helping to protect others from the same threat.

Stay One Step Ahead

Cyber threats are constantly evolving, but staying informed is your best defense. Always take a moment to scrutinize unexpected emails, especially those asking for sensitive actions. Remember, even if an email looks polished, inconsistencies in tone, unusual requests, or spelling and grammar errors are warning signs.

Stay safe and stay savvy!