Staff Impersonation Scams

Phishing Emails Targeting Staff in Senior Roles

The Cyber Intelligence Team at the National Fraud Intelligence Bureau has been gathering information on a tactic that scammers are using to target staff in senior roles. Here's how it works...

The target gets an email which has come from a manager, director or other senior role at another organisation.

The email may come from a recognised work email address. However, that doesn’t mean that the contents are safe! When they can, scammers will use real email accounts that they've hijacked because it makes their emails seem legitimate.

In this scam, the email asks the recipient to click on a link to open a document. When they click on the link, the target is asked to type in their email login details to view the file.

Here's the tricky part: once the target does that, the scammers have gained access to their email account. They can then use this newly compromised account to send the same phishing email to others, starting a chain reaction.

Once they're in a person’s email account, they can find all sorts of information that could help them scam others in the future, such as details about suppliers, copies of invoices and system names. They can even request password resets for other services.

Here's what you can do to protect yourself:

  • Be careful with emails that ask you to click on links and log in.
  • Don't click on links in emails that you weren't expecting. You can hover your mouse over the link to see where it will take you.
  • If you're not sure about an email, try to contact the sender using a method you know is safe, like calling them on their work phone or using Microsoft Teams.
  • If you can't reach the sender, ask your Local Counter Fraud Specialist or IT team for help to check if the email is real.

Gift Card Scam

On the subject of impersonating staff, we have recently seen a spate of phishing emails sent to NHS staff asking for help purchasing gift cards.

These requests were designed to look as though they had come from an employee in a senior role at the organisation. There were some tell-tale signs that the request was fraudulent:

  • It had come from an @gmail.com account.
  • It asked the recipient to keep the request secret.
  • The email subject was generic / unusual: “TASK REQUEST”
  • The message asked the recipient to act quickly. Fraudsters often try to panic people into taking action quickly so that they don’t have time to second-guess the request.
  • The email was signed off with the senior employee’s name and job title but these are publicly visible. There was none of the usual information you’d expect to see in their signature – such as their direct contact number or organisation logo.

Fraudsters like to impersonate senior staff because they are often easy to identify online, and because they have the authority to sign off payments. Some staff may feel less confident challenging unusual requests from someone at the top of their organisation.

Please be wary of this fraud methodology. If you feel that an email is putting you under pressure to do something that is not in line with policy and procedure, or to keep a purchase secret, please bear in mind you could be being scammed.

If you receive a suspicious email, please contact your Local Counter Fraud Specialist or IT team for support.

Other useful articles can be found in our Counter Fraud Newsletters on the Publications page.