The AR Aging Report scam is a phishing scam aimed at businesses. It uses some of the same tactics as the far more common Boss Needs Gift Cards - that is, the scammer poses as the CEO/boss, but none of the victim’s email accounts are compromised.

This scam starts when the scammer emails an accountant working for the company, posing as the boss/owner/CEO. They request the AR (Accounts Receivable) Aging Report for 30/60/90 days. If you are not familiar with what an AR Aging Report is, it’s a list of everybody who owes the company money (and hasn’t paid the company yet) at least 30/60/90 days.

If the AR Aging report doesn’t include a way to contact the people who owe the money, then the scammer’s next request is for contact information.

The scammer then contacts those people by spoofing the company email. This contact will usually change the wire/address information to the scammer’s address/bank account, so the scammer gets the money. There are variants where the scammer contacts the people on the list and offers to let them pay a lower amount to resolve the debt… to the scammer’s bank account, of course.

In the end, the scammer gets paid, the victim company does not, and the people that the scammer contacted are out the money.

How to protect yourself

Like other scams, use common sense to protect yourself. Question the email, ask others, don’t just send something out without double and triple checking. Does your CEO (because the scammers usually impersonate CEOs) normally ask for an aging report? If so, where is this email coming from? If you’re not 100% certain, reach out to the person supposedly sending it and make sure.