Bogus boss: Text messages expose scammers posing as coworkers

This browser does not support the video element.

Scammers are betting that if you get a text from your boss or manager, there’s a good chance you’ll answer it.

Fraudsters are combing job sites and data companies like Indeed, LinkedIn, ZoomInfo, and social media to get information on you and who you work for. Then they use that information to pose as your boss.

In many cases, these con artists are after your money, your personal information, or access to your company systems. They are especially fond of new employees, who are more likely to act quickly in an effort to make a good first impression.

“When you post on LinkedIn that you got a new job, you’re also telling all the adversaries, ‘Hey, a new sucker was just born,’” says Cyberbit CEO Caleb Barlow.

Barlow sees a lot of on-the-job cyber scams in his business. It’s so pervasive, companies are now expected to spend $212 billion on IT security next year, an increase of 15% over 2024.

“There’s a good chance that 3 or 4 percent of all the email you get on any given day is trying to force you into something,” Barlow says.

And it’s not just email. Scammers are getting better with text messages.

Scammers can get your phone number from a number of places, including resumes posted online that include your contact information. From there, it’s just a matter of connecting the dots through sites like LinkedIn to find your new boss, or maybe your new direct reports.

Scammers can also use AI to scour your manager’s or employees’ social media, helping add a personal touch to the bogus messages they send you.

Many are short, personalized, and start with a simple request, such as: “Hi [Your Name]. This is [Your Boss’s Name]. Have a minute?”

Boston 25 News went to Brookline to share a few known fraud text messages with people. We then asked for their reactions.

“If it had my boss’s name and then my name as well, I would definitely respond to that,” said George Markley.

“I would probably respond if it’s personalized,” said Cynthia Hau.

“I would [respond] because they’re not asking for any information or anything,” Killian Pozdol.

But that’s the catch, warns the Better Business Bureau. Scammers know to start simple. Those who respond generally report receiving a request for a favor, such as picking up gift cards for a client, wiring funds for payment to another business, or providing personal information for “Human Resources.”

But the Better Business Bureau says none of these requests are legitimate. Each could result in stolen funds or identity theft.

In many circumstances, Barlow says you are not the primary target. The scammer’s goal is to hack your company, and they are hoping you’ll unlock the door.

It’s something Barlow tries to help his clients prevent.

“An adversary got a victim that happened to work in a finance department to click on a link,” Barlow recalled in a recent case. “They then used that access to communicate back and forth with the company’s bank. It wasn’t until the very last second that someone noticed something was off and they were able to shut it down.”

Experts say the best defense is to practice healthy skepticism. Before you respond to an unexpected text or email, go directly your manager to verify its authenticity.

Barlow also stresses: never click on any link you were not already expecting.

Even if the request turns out to be legitimate, companies are spending so much to stop scammers and hackers, Barlow says your managers and the company’s IT security teams will appreciate that you asked.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW