Protect yourself from the ‘fake boss scam’ targeting employees

Text Messaging stock image

(Photo by Getty Images)

Scammers are taking advantage of employees’ helpful nature by sending fake emails and texts that appear as if they are coming from a UTHealth Houston leader.

The scenario

You get an email from your boss asking if you are available. Of course, you wouldn’t ignore this message, so you respond “Yes.” You are then asked to quickly purchase gift cards or take another action costing you money. Unfortunately, the message wasn’t from your boss but a criminal trying to trick you.

The fake boss scam

Referred to by the FCC as a “fake boss scam,” here’s how it works:

Step 1: The criminal searches the web for names and contact information of UTHealth Houston executives and high-ranking supervisors. They look for any information they can use to help their request appear authentic.

Step 2: The criminal creates and uses similar email addresses or website names. They may even create free fake email accounts and make excuses for sending messages from their personal email.

It is important to note that, instead of using email, criminals may use a fake phone number to send a text message.

Step 3: The criminal asks an employee to do them a favor and buy gift cards, then send the gift card numbers back via email or text message.

Outsmart the criminal

To avoid being a victim of their scams, learn the red flags.

  • Unknown numbers or addresses with familiar names
    Scammers often use names of real people within UTHealth Houston to build trust. But the number or address provided usually doesn’t match official contact information. If the sender says, “It’s Dr. Smith, your department chair,” but the number isn’t saved in your phone or has no caller ID, treat it with caution.
  • Vague language and unusual requests
    Phrases like “I need a quick favor” or “Are you available right now?” are classic bait. If you are then asked to buy gift cards, transfer money, or share sensitive information… STOP! Additionally, if the “boss” is not someone you would expect to contact you for a favor, be skeptical.
  • Urgency and isolation
    Scammers try to pressure you. “Don’t tell anyone,” “This is confidential,” or “I’m in a meeting, can’t talk” are all tricks to keep you from verifying the request. The goal is to make you act fast, before you think.

What to do if you get a suspicious text

  • Don’t respond immediately
    Pause and evaluate. A criminal wants you to act before you think. Give yourself time to check things out.
  • Verify the sender
    Use a trusted method to contact the person directly, such as work email, office phone, or Teams chat. Never respond to the email message or number that just texted you.
  • Report it
    Report suspicious texts to our IT Solution Center at 713-486-4848. You’re probably not the only person at UTHealth Houston who was targeted.
  • Spread awareness
    These scams depend on catching people off guard. Sharing your experience can help others stay alert.