Imagine going about your day when you receive an urgent text from someone claiming to be the CEO of your company. They explained that while they were out doing customer visits, someone else failed to provide gift cards as promised, and they needed your help. The message requests that you purchase six $200 gift cards and text the information immediately. The sender assures you that they will reimburse you before the end of the day. They also mention that they won’t be reachable by phone for the next two hours because of ongoing meetings. Finally, they emphasise that this is a high-priority matter and that they need the gift cards urgently.
When you receive a message like this, you may question whether it’s a genuine request or a scam. Unfortunately, many employees fall for this type of gift card scam, which can take different forms. For instance, scammers may pose as your boss, claiming to be stranded without gas or in another dire situation that only you can help. These scams can come by text message or email, and they are designed to exploit the recipient’s trust and sense of urgency.
In this type of scam, the unsuspecting employee buys the requested gift cards and sends the card numbers to the scammer. Later, the employee discovers that the actual CEO or boss did not contact them, and they have fallen victim to a phishing scam. The result is that the employee loses the money spent on the gift cards, and the scammer gets away with it.
If you receive a request like this, you must be cautious and verify its legitimacy. You can check with a trusted colleague or contact the sender through a known email or phone number to confirm the request’s authenticity. It’s essential to prioritise your safety by being cautious when sharing personal or financial information to avoid potential harm.
Studies show that 32.4% of employees risk falling for a phishing scam due to a lack of proper training.
Why Do Employees Fall for Phishing Scams?
Despite the unusual circumstances, many employees still fall victim to gift card scam, which is often executed by hackers using social engineering tactics to manipulate their emotions and convince them to comply with the request.
These social engineering tactics may include exploiting the employee’s fear of disappointing their superiors, their eagerness to help, their loyalty to the company, or their desire to advance their career. The scam message is designed to elicit an immediate response without critical thinking or verification. It typically includes a sense of urgency, emphasising that the CEO needs the gift card details immediately and that they will be unavailable for the next few hours, discouraging the employee from trying to confirm the message’s validity with the actual CEO.
These manipulative tactics are effective, as evidenced by the many employees falling victim to the scam. To prevent such attacks, it is crucial to provide comprehensive training to employees on recognising and responding to phishing attempts. It is also essential to create a culture of security awareness in the workplace to encourage employees to report suspicious messages and requests and implement security measures such as two-factor authentication to protect sensitive data.
Illinois Woman Scammed Out of More Than $6,000 from a Fake CEO Email
Variations of the gift card scam are widespread and can result in significant financial losses for employees and their companies. Unfortunately, companies are not responsible for employees who fall victim to this scam and purchase gift cards with their own money.
For instance, a woman from Palos Hills, Illinois, lost over $6,000 after receiving an email request that she believed was from her company’s CEO. The email stated that her boss wanted to reward some exceptional staff with gift cards, and it ended with a request for her assistance in purchasing them.
Since her boss had a reputation for generosity, the email did not raise any red flags for the woman. She purchased the requested gift cards from Target and Best Buy and then received another message asking her to send a photo of the cards for a spreadsheet.
The language in the second message was also persuasive and non-threatening, stating, “Can you take a picture? I’m putting this all on a spreadsheet.” The woman bought over $6,500 in gift cards, which the scammer stole.
Later, she learned that the gift card request was not legitimate when she saw her boss. The woman realised she had fallen for a scam and lost significant money.
To prevent such scams, it is critical to educate employees about the warning signs of phishing scams and provide them with the necessary tools to verify the authenticity of any requests. Additionally, companies can implement policies limiting how much money employees can spend on gift cards and establish procedures for reporting suspicious requests.
Tips for Avoiding Costly Phishing Scams
Always Double Check Unusual Requests
It’s essential to be cautious when receiving unexpected requests, especially money-related ones. Even if the message claims that the sender will be unavailable for a period, verifying the request through other means, such as in-person or by phone, is crucial.
If you receive an unusual request or one that involves money, take the time to verify it by contacting the person through alternative means. Ensure the request is legitimate, not a phishing scam attempting to steal your money or sensitive information.
By following these precautionary measures, you can protect yourself from scams like gift card scams. Suppose you’re unsure about any requests or messages you receive. In that case, it’s always better to err on the side of caution and promptly contact your company’s IT department or security team for assistance.
Don’t React Emotionally
Scammers frequently use tactics to pressure victims into taking immediate action, leaving little time for them to consider the situation objectively. However, taking a few minutes to step back and examine a message with a clear head can often reveal telltale signs of a scam.
It’s crucial not to react emotionally when faced with unexpected requests or unusual messages. Instead, approach the situation logically and ask yourself if the request seems legitimate or out of the ordinary. Take the time to verify the sender’s identity and confirm the authenticity of the request before taking any action.
To safeguard yourself from scams and various types of fraud, it’s crucial to remain vigilant and avoid impulsive reactions. Remember, scammers, rely on their victims’ impulsivity, so taking a moment to think things through can be all needed to avoid becoming a victim.
Get a Second Opinion
Get a second opinion before reacting to suspicious messages. Ask a colleague or IT service provider to review the message to avoid costly errors.
Need Help with Employee Phishing Awareness Training?
Stay ahead of evolving phishing tactics. Schedule an updated employee awareness training session with Qamba today to strengthen your team’s defences.
