Imagine you are going about your daily tasks when the CEO suddenly contacts you. Someone forgot to provide gift cards during a customer visit, and the CEO needs you to purchase six $200 gift certificates and send the details directly to them.
The sender guarantees you a reimbursement within 24 hours, but you won't be able to call them for two hours because they will be in meetings. The matter is urgent; they need the gift cards right away.
Would you pause and consider whether this type of request is suspicious? Or would you be tempted to reach for your credit card to comply?
Surprisingly, many employees fall victim to this gift-card scam. It comes in many variations; the message might describe an emergency, such as your boss being out of gas, or another person who needs your help.
The scammer may reach out by text message or email. The employee buys the gift cards and sends back the card numbers, only to discover that it wasn't the CEO of the company who reached out - it was actually a scammer!
The employee is the one left out the cash.
32.4% of employees are vulnerable to phishing scams if they lack proper training.
What causes employees to fall for phishing scams?
Even when circumstances appear unusual, employees often become victims of this gift-card scam. Hackers use social engineering techniques that play on emotions in order to manipulate employees into complying with their requests.
These social engineering techniques may play on:
- Fear of not doing what a superior asks.
- The employee eagerly accepts the chance to save the day.
- Employees strive for their company's success.
- An employee may feel they can advance in their career if they assist others.
The scam message is designed to push employees to act quickly and without hesitation by conveying a sense of urgency. The CEO requires the gift card details right away, but will supposedly not be available for several hours. This reduces the likelihood that the employee will try to contact the CEO directly to confirm that the request is valid.
Illinois Woman Loses More Than $6,000 to a Fake CEO Email
This scam is unfortunately common and can lead to significant financial losses for employees who fall for it. An employee who purchases the gift cards with personal funds is personally liable for those purchases; the company is not accountable for them.
One woman from Palos Hills, Illinois, lost more than $6,000 after receiving an email from the CEO of her company which turned out to be a scam.
The email appeared to come from her boss, the CEO, and purported to reward employees who had gone above and beyond what was expected. According to this email, she was being sent gift certificates in recognition of her extra efforts.
The email ended with "Can I help you purchase gift cards today?" The boss was well known for his generous nature, so the request didn't seem out of character.
The woman purchased the requested gift cards from Target and Best Buy, and was then instructed to send another photo of them. The message was straightforward: "Can we take a photo, I'm putting all this on a spreadsheet."
The scammer took possession of over $6,500 worth of gift cards that she had purchased. When she went to see her boss a few days later, he wasn't aware of any request for gift cards, and she realized that she had been taken advantage of.
How to Avoid Costly Phishing Scams
Always double-check unusual requests
No matter what a message says, always double-check it in person or by phone. Any unusual request, especially a money-related one, should be verified through another channel before you trust the source. To confirm whether something is legitimate, contact the individual via a different communication channel than the one the request arrived on.
Do not get emotionally worked up
Scammers often manipulate victims into taking action before they have time to think. Usually, it only takes a few minutes of objective consideration to realize a message is false and should be ignored. Instead of reacting emotionally, ask yourself whether this seems normal or if this is an attempted scam.
Get a Second Opinion
Ask someone in your network to take a look at it or, better yet, consult an IT service provider. Getting another opinion can be more valuable than making an immediate decision and could prevent costly errors in judgment.
Do You Need Assistance with Employee Phishing Awareness Training?
Phishing is becoming more sophisticated every day. Make sure your employees stay up to date on their awareness training by calling us today to book a training session for your team to strengthen their defenses.