Your phone vibrates. A text, from your CEO. Your head of the company is asking for your help. Of course, they’re out doing customer visits and someone else dropped the ball in providing gift cards. The CEO needs you to run and acquire six $200 gift cards and text them the card information right away – this situation pops up for clients of managed service providers all too often.
Your kind “CEO” promises to reimburse you before the end of the day. Make sure you don’t try to give them a call though, because they’ll be in meetings for the next two hours. The most important fact: This is a high priority task. They need those gift cards yesterday.
Does this kind of request make you pause and contemplate? Or, do you pull out your credit card to do as the message asked?
A shocking number of employees fall for this gift card scam and the many other variations. Your boss might have forgotten their wallet and now needs you to send them some money because they’re stuck without gas. It’s obviously a situation in which only you can help.
These scams come by both text message and email. Once the numbers are sent back, they find out that the real company CEO wasn’t the one that contacted them at all. It was a scam, and the employee is out that cash.
An alarming statistic: 32.4% of employees are prone to fall for a phishing scam without proper training.
So Why Do Employees Get Scammed?
Hackers often use social engineering tactics to manipulate emotions to get the employee to follow through on the request.
These tactics can illicit the following feelings:
· Fear of not doing as asked by a superior
· Pride at the chance to save the day
· Shame that they could let their company down
· Excitement at the chance to advance their career by helping
The scam’s message is often crafted in a way to get the employee to act without thinking or checking. It almost always includes a sense of urgency. A telltale sign is the CEO needing the gift card details right away. Another valid sign is notating that the CEO will be out of touch for the next few hours. This decreases the likelihood that the employee will try to contact the real CEO to check the validate the message.
Variations of this scam are everywhere and can lead to significant financial losses. A company isn’t on the hook if an employee falls for a scam and purchases gift cards with their own money, leaving the employee out of luck.
In one example, a woman from Palos Hills, Illinois lost over $6,000. The woman received an email impersonating her boss and CEO. Her “boss” wanted to send gift cards to some selected staff that had gone above and beyond.
The email ended with “Can you help me purchase some gift cards today?” As the boss happened to have a reputation for being very kind to employees, the email did not seem out of character.
The woman bought the requested gift cards from Target and Best Buy. She received a second request asking to send a photo of the cards, simply stating, “Can you take a picture, I’m putting this all on a spreadsheet.”
The woman ended up purchasing over $6,500 in gift cards. When she spoke to her boss a little while later, her boss knew nothing about the gift card request. The woman then realized she was the victim of a scam.
Tips for Avoiding Costly Phishing Scams from a Managed Service Provider
Always Double Check Unusual Requests
Despite what a message might say about being unreachable, always check in person or by phone regardless. If you receive any requests relating to money, verify it. Contact the person through other means than the sender device to make sure it’s legitimate.
Don’t React Emotionally
Scammers often try to get victims to act before they have time to think. Sitting back and looking at a message objectively is often all that’s needed to realize it’s a scam. Don’t react emotionally – instead, inventory if this is out of the ordinary.
Get a Second Opinion
Ask a colleague, – or better yet – a company like us, to take look at the message. Getting a second opinion prevents you from reacting right away. It can save you from making a costly judgment error.
Connect with us at www.traveltechsupport.com!