Is That Really a Text from Your CEO... or Is It a Phishing Scam? 

20 March 2023 


Imagine going about your day when suddenly you receive a text message from the CEO. The CEO says it is important that you help out. While they're out doing customer visits, someone dropped the ball on providing gift cards. The CEO needs you to buy six £200 gift cards and text them the information right away.

The message sender promises to reimburse you before the end of the day. Also, they'll be in meetings for the next two hours, so you won't be able to reach them by phone. Lastly, this is a very high priority. Those gift cards are urgently needed.

Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?

A surprising number of employees fall for this gift card scam. There are also many variations, such as your boss being stuck without gas or some other dire situation that only you can help with.

This scam can come via text message or email. What happens is that the unsuspecting employee buys the gift cards. They then send the numbers back. They find out later that the real company CEO wasn’t the one who contacted them. It was a phishing scammer.

Phishing attacks are becoming increasingly common and can lead to serious consequences, such as identity theft and financial loss. Without proper training, 32.4% of employees are prone to falling for a phishing scam.

Why Do Employees Fall for Phishing Scams?

Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics. To get an employee to follow through on a request, they manipulate emotions.

Some of these social engineering tactics elicit the following:

  • The employee is afraid of not doing as asked by a superior
  • The employee jumps at the chance to save the day
  • The employee doesn’t want to let their company down
  • The employee may feel they can advance in their career by helping

The scam’s message is also crafted in a way to get employees to act without thinking or checking. It includes a sense of urgency. The CEO needs the gift card details right away. Also, the message notes that the CEO will be out of touch for the next few hours. This decreases the chance that the employee will try to contact the real CEO to check the validity of the text.

A Woman Was Scammed Out of More Than £6,000 from a Fake CEO Email

Variations of this scam are prevalent and can lead to significant financial losses. A company isn’t responsible if an employee falls for a scam and purchases gift cards with their own money.

In one example, a woman in Illinois, USA, lost over £6,000. This was after receiving an email from someone she thought was her company’s CEO.

The woman received an email purporting to be from her boss and company CEO. According to the email, her boss wanted to send gift cards to a few selected employees who had gone above and beyond.

The email ended with “Can you help me purchase some gift cards today?” The boss had a reputation for being very kind to employees, so the email did not seem out of character.

The woman bought the gift cards from typical neighbourhood shops. Then she got another request asking her to send a photo of the cards. Again, the wording in the message was very believable and non-threatening. It simply stated, “Can you take a picture? I’m putting this all on a spreadsheet.”

The woman ended up purchasing over £6,000 in gift cards that the scammer then stole. When she saw her boss a short while later, her boss knew nothing about the gift card request. The woman realised she had been the victim of a scam.

Tips for Avoiding Costly Phishing Scams

Always Double Check Unusual Requests

In spite of what a message might say about being unreachable, you should check in person or by phone anyway. Make sure you verify any unusual requests or those involving money. Contact the person through other means to make sure it's legitimate.

Don’t React Emotionally

Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realise it’s a scam. Don’t react emotionally. Instead, ask whether the request seems real or whether it is out of the ordinary.

Get a Second Opinion

Ask a colleague, or better yet, your company’s IT service provider, to take a closer look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.

Check EPX's Tips on Phishing

We explained what phishing attacks are and how to spot them to protect yourself online in an educational video.

Need Help with Employee Phishing Awareness Training?

Phishing keeps getting more sophisticated all the time. Make sure your employee awareness training is up to date. Give us a call today to schedule a training session to shore up your team’s defences.
