Is That Really a Text from Your CEO, or Is It a Scam?
Imagine you are going about your day when you receive a text from the CEO. The head of the company is asking for your help. They are out doing customer visits and someone else dropped the ball in providing gift cards. The CEO needs you to buy six $200 gift cards and text the information right away.
The message sender promises to reimburse you before the end of the day, and notes that they will be unreachable by phone for the next two hours due to meetings. One last thing: this is high priority and urgent.
Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?
A surprising number of employees fall for this gift card scam. There are many variations, such as your boss being stuck without gas or in some other situation that only you can help resolve. This scam can arrive by text message or email. The unsuspecting employee buys the gift cards, sends the numbers back, and later discovers that the real company CEO never contacted them.
It was a phishing scammer. The employee is out the cash. 4% of employees are prone to falling for a phishing scam.
Why Do Employees Fall for Phishing Scams?
Though the circumstances may seem unusual, many employees fall for this gift card scam because attackers use social engineering tactics to manipulate emotions. These tactics may cause an employee to feel afraid of not doing as asked by a superior, eager to jump at the chance to save the day, unwilling to let their company down, or hopeful that helping will advance their career.
The scam message is also crafted to get the employee to act without thinking or checking. It includes a sense of urgency and notes that the CEO will be out of touch, which decreases the chance the employee will try to verify the request with the real CEO.
A Real Example: Illinois Woman Scammed Out of More Than $6,000.
Variations of this scam are prevalent and can lead to significant financial losses. A company is generally not responsible if an employee falls for a scam and purchases gift cards with their own money. In one example, a woman from Palos Hills, Illinois lost over $6,000 after receiving an email request from someone she thought was her company's CEO.
Her boss had a reputation for being generous to employees, so the email did not seem out of character. She bought the requested gift cards from Target and Best Buy, then received a follow-up request to send photos of the cards, phrased in a believable and non-threatening way.
She ended up purchasing over $6,500 in gift cards before discovering, when she saw her boss in person, that none of it had been requested. She had been the victim of a scam.
Tips for Avoiding Costly Phishing Scams.
Always Double-Check Unusual Requests. Despite what a message might say about someone being unreachable, verify in person or by phone anyway. If you receive any unusual request, especially one involving money, contact the person through a separate channel to confirm it is legitimate.
Do Not React Emotionally. Scammers try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that is needed to recognize a scam. Ask yourself whether the request seems realistic or out of the ordinary.
Get a Second Opinion. Ask a colleague, or better yet, your company's IT service provider, to take a look at the message. Getting a second opinion keeps you from reacting immediately and can save you from making a costly judgment error.
Need Help with Employee Phishing Awareness Training?
Phishing keeps getting more sophisticated. The team at Cyber One Solutions can help make sure your employee awareness training is current and effective. Contact us today to schedule a training session to shore up your team's defenses.