Award Banner
Award Banner
singapore

'I realise I need more voucher cards': Police warn of boss impersonation scam

Received email from your 'boss' asking you to buy gift cards for 'work'? Stop and check
'I realise I need more voucher cards': Police warn of boss impersonation scam
At least 25 cases of boss impersonation scam have occurred since Jan 1, 2026.
PHOTO: AsiaOne/Rauf Khan
Sean LerPUBLISHED ONJanuary 30, 2026 8:08 AMBYSean Ler

There is a new scam doing the rounds — email from your "boss".

Since the beginning of the year, at least 25 such cases of scammers impersonating as victims' manager(s) have been reported, with losses amounting to at least $30,000, the police said on Wednesday (Jan 28).

In this scam variant, victims would receive emails purportedly sent by their CEO or supervisor, asking them to use their own funds to urgently purchase gift cards, such as those from Apple, Xbox, or Razer Gold, to be used for work.

These emails would also bear display names belonging to their CEO or supervisor, while assuring the victims that they would be reimbursed by the company.

Victims were also told to provide the redemption codes on the gift cards, which the scammers would use, to make redemptions.

They would only realise that they have been scammed after checking with their colleagues.

Example of an email received by a victim. IMAGE: Singapore Police Force

How not to fall prey

Individuals should always verify the veracity of such emails through a different medium, such as through enterprise communication channels, phone calls or text messages, before proceeding with any out-of-the-ordinary instructions received via email.

They can also look out for tell-tale signs such as whether the email was sent from the company's domain name, and whether "urgent requests" to purchase gift cards, especially in large quantities, are part of their company's practices.

Companies should consider briefing their staff on this scam variant, especially new employees and interns, who may not be familiar with the company's processes.

They can also ensure that work-related communications and instructions are only conducted through official channels such as their enterprise communication channel or company email.

Other company-level good practices include enabling two-factor authentication (2FA), utilising email authentication tools such as domain-based message authentication, reporting and conformance to detect fraudulent emails and prevent them from reaching users' inboxes, and ensuring that operating system on computing devices are up-to-date.

Those in doubt may also call the 24-hour ScamShield helpline at 1799. 

[[nid:729023]]

editor@asiaone.com 

Singapore Police ForcecrimeComputer crimesscamsInternet crimes and scamsBusiness
This website is best viewed using the latest versions of web browsers.