Suppose you are going about your regular day when all of a sudden the CEO sends you a text. The company’s CEO is requesting your assistance. They are too busy dealing with customer visits and someone else botched the gift card delivery. You must purchase 6 $200 gift cards right away! This is where you should stop and ask: “Is that text from your CEO really a scam?”
The person messaging assures you they will reimburse you by end of day. Oh, and by the way, they’ll be in meetings for the next two hours and won’t be available on the phone. One more thing, this task is really important and you must buy the gift cards ASAP.
Would this request make you stop and think? Or would you immediately reach for your credit card to follow instructions?
A surprising number of employees fall for this gift card scam. There are plenty of variations too. For instance, the message might claim your boss is in a desperate situation with no gas and you are the only one who can help.
This scam can come from a text message or via email. The clueless employee ends up purchasing the gift cards and messaging the numbers back. Later, they learn that the person on the other end of the message wasn’t the CEO. A phishing scammer is to blame.
And the employee is out of cash.
Without the proper training, 33% of employees are prone to falling for this scam.
Why Do These Phishing Scams Work?
Though this may seem like an odd scenario, a lot of employees fall for this gift card scam. Hackers use social engineering methods to persuade employees to comply with the request. They are playing on emotion.
Here’s what social engineering tactics accomplish:
- The employee is scared to fail a superior’s request
- The employee sees this as an opportunity to save the day
- The employee doesn’t want to let their company down
- The employee believes that by helping, they can move up in their job
The message is purposely written to persuade the employee to take action without a second thought. There is always a sense of urgency: the CEO urgently needs the gift card information. The message also mentions that the CEO won’t be available for a few hours, so the employee is less likely to try to get in touch with the actual CEO to ask whether the message is legitimate.
How to Avoid a Costly Phishing Scam
Always Second Guess Strange Requests
Even if the message states the person is unreachable, always check in person or by phone. Verify any strange requests, especially ones that involve you spending your own money. Always try to get in touch with the person to make sure the request is valid.
Keep Your Emotions In Check
A scammer’s goal is to get their victims to act without thinking. Often, all it takes to recognize that a message is a scam is a few moments of thought and an objective eye. Instead of reacting on emotion, first consider whether the message seems real or unusual.
Get a Second Opinion
Get a coworker to look through the message, or even better, ask your company’s IT service provider. Getting a second opinion helps you avoid making a snap decision. It might save you from making an expensive mistake.
Need Help Training Employees on Phishing Awareness?
Phishing scams are constantly evolving and becoming more complex. Make sure your employees are up to date on training. To set up a training session that will strengthen your team’s defenses, give us a call today.
STG IT Consulting Group proudly provides IT Services in Greater Los Angeles and the surrounding areas for all your IT needs.