Kind Gesture Leaves Woman RM5,000 Poorer After Falling Prey To Scammer Posing As Her Boss
Before responding to that email from your 'boss', you might want to double-check who it's really from.
Cover image via What started as a thoughtful favour quickly turned into a costly lesson for one Malaysian woman, who lost over RM5,000 to an online scammer impersonating her boss
The victim, who only wanted to be known as Jane, said her ordeal began when she received an email supposedly from her boss, asking for help to buy Razer Gold vouchers, a type of virtual credit commonly used for gaming and digital purchases, as a reward for high-performing staff.
"I agreed to help, reassured by the promise of reimbursement by the end of the day," she told SAYS. "I bought the vouchers with cash at a convenience store and emailed the receipts. Then the sender asked for more, and I said I could help again the next day."
But things didn't feel right for long
Jane said she grew suspicious after receiving repeated, vague requests for more vouchers.
"They didn't say how much was needed. That's when I contacted my real boss via WhatsApp and confirmed it wasn't her. She immediately alerted the entire team," she said.
A closer look revealed the scammer's email address had a similar format to her boss's, but with the wrong domain.
Jane received multiple emails from individuals impersonating both her boss and manager.
Image via Provided to SAYS
Jane has since lodged a police report over the incident, which happened earlier this month
Just days later, she received another phishing email — this time posing as her manager — sent to both her personal and office inboxes.
Jane, who works for an NGO that provides education for refugees and stateless communities, said her company now plans to strengthen its cybersecurity protocols and conduct staff-wide training to avoid similar breaches in the future.
"The reason I'm sharing this is to raise awareness. We know of a few NGOs and small companies that have faced similar tactics."
She also urged other employees and companies to remain vigilant and ensure their cybersecurity systems are up to date.
Protect yourself from email scams by following these simple steps
Verify the sender
If someone asks for money or vouchers, confirm it directly via phone or official messaging apps, not just by replying to the email.
Spot the red flags
Vague instructions, urgent requests, and pressure to act fast are classic scam tactics.
Double-check email addresses
Phishing emails often mimic real ones but include slightly altered domains. Hover to verify before clicking or replying.
Report it early
Flag suspicious messages to your supervisor or IT team — it could stop others from falling victim.
Don't share sensitive info
Never send receipts, payment details, or passwords without verifying who you're dealing with.
