Beware: Scammers are impersonating your boss in Oman!

Muscat: Have you ever received an urgent message from your boss demanding immediate action?

If so, you’re not alone—and increasingly, that message might not be from your boss at all.

Cybercriminals are now targeting employees in the Sultanate of Oman by impersonating company chairman, managing directors and CEOs through spoofed emails.

These scams, known globally as the “CEO fraud” or “business email compromise” scheme, aim to trick staff into transferring money or sharing sensitive company data.

Previously, fraud attempts often came in the form of phone calls or lottery scams.

Today, criminals are sending emails that mimic corporate branding, include personal details such as the employee’s name or position, and appear to come directly from senior executives.

How the scam works

The attacker sends a spoofed email, posing as the CEO or chairman, with urgent instructions—often requesting wire transfers, confidential payments, or sensitive information.

The fraudster may cite reasons such as securing an important contract, updating supplier details, or handling a “confidential” transaction. Victims are frequently told not to inform anyone in the company.

In some cases, scammers even pretend the request is for distributing gifts to colleagues.

Recently, an employee in a private Omani firm received an email—supposedly from his chairman—praising the team’s hard work and asking him to coordinate a gift distribution. The email referenced specific office challenges, making it appear genuine.

The message went on to offer staff the choice between an iPad Pro (7th generation) or an iPhone 16, and requested OMR 210 for courier charges.

Suspicious, the employee eventually contacted his chairman—only to discover the email was fraudulent. As scammers grow more sophisticated, vigilance is the best defence.

How to protect yourself

Never share personal, confidential, or financial details in response to an email, even if it appears to be from senior management.

Check the sender’s email address carefully—fraudsters often misspell names or use lookalike domains.

Verify suspicious requests directly with your CEO or manager, preferably via phone or face-to-face, and never through the contact details provided in the suspicious email.

Pause before acting — legitimate executives will not demand secrecy or urgent money transfers by email alone.