Muscat: Have you ever gotten an urgent call from your supervisor requesting prompt action?
If this is the case, you are not alone—and increasingly, that message may not originate from your manager.
Cybercriminals are currently targeting workers in the Sultanate of Oman by posing as firm chairmen, managing directors, and CEOs through spoofed emails.
These scams, known as "CEO fraud" or "business email compromise" scams, seek to deceive personnel into sending funds or divulging important business information.
Fraud attempts were formerly in the form of phone calls or lottery scams.
Criminals are now sending emails that mimic corporate branding, contain personal information such as the employee's name and role, and appear to originate from top officials.
How the scam works
The assailant sends a fraudulent email, impersonating the CEO or chairman, with urgent demands—usually requesting wire transfers, secret payments, or sensitive information.
The scammer may provide justifications for their conduct, such as winning a crucial contract, updating supplier information, or completing a "confidential" transaction. Victims are sometimes instructed not to tell anybody in the organization.
In some instances, con artists even claim that the funds are for sending presents to colleagues.
Recently, an employee with a private Omani enterprise got an email—supposedly from his chairman—thanking the crew for their efforts and requesting that he plan a gift distribution. The email mentioned particular workplace difficulties, giving it the appearance of authenticity.
The email further offered employees the option of receiving an iPad Pro (7th generation) or an iPhone 16, with courier fees totaling OMR 210.
The worker, suspicious, contacted his chairman, who confirmed that the email was bogus. As fraudsters become more sophisticated, monitoring is the best protection.
How to protect yourself
Never disclose personal, private, or financial information in reaction to an email, even if it appears to be from senior management.
Check the sender's email address carefully—fraudsters sometimes misspell names or use lookalike domains.
Verify any questionable requests immediately with your CEO or manager, preferably by phone or in person, and never using the contact information supplied in the fraudulent email.
Pause before acting; legitimate executives will not expect secrecy or immediate money transfers via email alone.
