Is that a Scam? Spot Phishing

Published on Tuesday, 21 February 2023 at 2:51:02 PM

You’re going about your day when suddenly you receive a text from your CEO – asking for your help. They’re out doing client visits, and someone has dropped the ball and hasn’t provided the required gift cards. The CEO needs you to buy six $200 gift cards and text the information right away.

The message sender promises to reimburse you before the end of the day. Oh, and by the way, you won’t be able to reach them by phone for the next two hours because they’ll be in meetings. One last thing, this is a high priority. They need those gift cards urgently.

Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?

A surprising number of employees fall for this gift card scam. There are also many variations, such as your boss being stuck in some regional location, having run out of petrol, or some other dire situation that only you can help with.

This scam can come by text message or via email. What happens is that the unsuspecting employee buys the gift cards and sends the numbers back, only discovering later that the real company CEO wasn’t the one that contacted them. It was a phishing scammer.

Without proper training, 32.4% of employees are prone to fall for a phishing scam.

Why Do Employees Fall for Phishing Scams?

Though the circumstances may be odd, many employees fall for the gift card scam. Hackers use social engineering tactics, manipulating emotions to get the employee to follow through on the request.

Some of these social engineering tactics elicit the following:

  • The employee is afraid of not doing as asked by a superior
  • The employee jumps at the chance to save the day
  • The employee doesn’t want to let their company down
  • The employee may feel they can advance in their career by helping

The scammer will also craft the message to get the employee to act without thinking or checking, often by including a sense of urgency. For example, the CEO needs the gift card details immediately. Also, the message will note that the CEO will be out of touch for the next few hours, decreasing the chance that the employee will try to contact the real CEO to confirm the validity of the text.

Tips for Avoiding Costly Phishing Scams

Always Double Check Non-Standard Requests

The message may state that the person who needs help is unreachable, but that shouldn’t stop you from checking. If you receive any non-standard requests or anything relating to money, verify it. Double check with the person that it’s legitimate.

Don’t React Emotionally

Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realise it’s a scam. Don’t react emotionally; instead, ask whether this seems real or is out of the ordinary.

Get a Second Opinion

Ask a colleague, or better yet, your company’s IT service provider, to take a look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.

Need Help with Employee Phishing Awareness Training?

Phishing is getting more sophisticated all the time. Make sure your employee awareness training is up to date. Contact us to coordinate training for your team today.
