Imagine you’re going about your day when suddenly you receive a text or email from the Managing Director. The head of the company is asking for your help. They’re out doing customer visits and someone else dropped the ball in providing gift cards. The Managing Director needs you to buy six £200 gift cards and text or email the information right away.
The message sender promises to reimburse you before the end of the day. Oh, and by the way, you won’t be able to reach them by phone for the next two hours because they’ll be in meetings. One last thing, this is a high priority. They need those gift cards urgently.
Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?
A surprising number of employees fall for this gift card scam. There are also many variations, such as your Managing Director being stuck without gas or in some other dire situation that only you can help with.
This scam can come by text message or via email. The unsuspecting employee buys the gift cards and sends the numbers back. They find out later that the real company Managing Director wasn’t the one who contacted them. It was a phishing scammer.
The employee has lost the cash.
Without proper training, 32.4% of employees are prone to fall for a phishing scam.
Why Do Employees Fall for Phishing Scams?
Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics. They manipulate emotions to get the employee to follow through on the request.
Some of the top social engineering tactics elicit the following:
- The employee is afraid of not doing as asked by a superior
- The employee jumps at the chance to save the day
- The employee doesn’t want to let their company down
- The employee may feel they can advance in their career by helping
The scam’s message is also crafted in a way to get the employee to act without thinking or checking. It includes a sense of urgency. The Managing Director needs the gift card details right away. Also, the message notes that the Managing Director will be out of touch for the next few hours. This decreases the chance the employee will try to contact the real Managing Director to check the validity of the text or email.
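The message traits described above can be turned into a mail-triage check. The following Python example is added here and is not from J700 Group; the indicator names, regular expressions and sample messages are constructed assumptions. It flags a message for out-of-band verification only when a gift card mention is combined with at least one pressure or hand-over cue, so an ordinary mention of gift cards or an ordinary urgent note is not flagged.

```python
import re

# Indicator groups mirror the traits the article describes.
# The patterns are illustrative assumptions, not a vetted rule set.
INDICATORS = {
    "gift_card": r"gift\s?cards?",
    "urgency": r"urgent(ly)?|right away|high priority|\btoday\b",
    "unreachable": r"(won'?t|not) be able to reach|in meetings?\b|out of touch",
    "reimbursement": r"reimburse",
    "code_handover": r"(send|text|email) (me )?(the )?(card )?(numbers|codes|details)"
                     r"|take a picture|photo of the cards",
}

def triage(message):
    """Return the indicators found and whether to verify by another channel."""
    hits = sorted(name for name, rx in INDICATORS.items()
                  if re.search(rx, message, re.IGNORECASE))
    pressure = [h for h in hits if h != "gift_card"]
    # A gift card mention alone is normal; combined with pressure it is not.
    suspicious = "gift_card" in hits and len(pressure) >= 1
    return {"hits": hits, "verify_out_of_band": suspicious}

# Constructed sample messages (not real mail).
SAMPLES = [
    # Full pattern from the opening scenario.
    "I'm out on customer visits and need six £200 gift cards right away. "
    "Text me the card numbers. I'll reimburse you before the end of the day. "
    "You won't be able to reach me by phone for two hours, I'm in meetings. "
    "This is high priority.",
    # Low-key variant, as in the Blackburn case.
    "Can you help me purchase some gift cards today?",
    # Benign: mentions a gift card, no pressure.
    "Reminder: the staff raffle prize this year is a gift card. "
    "Tickets are on sale at reception.",
    # Benign: urgent, but nothing to do with gift cards.
    "Urgent: the server room door is propped open, please close it right away.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        result = triage(text)
        label = "VERIFY" if result["verify_out_of_band"] else "ok"
        print(f"{label:6} {result['hits']}  {text[:50]}...")
```

A flag here means "confirm with the sender by phone or in person before acting", matching the advice later in the article; it is not proof of fraud.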
Blackburn Woman Scammed Out of More Than £6,000 from a Fake Managing Director Email
Variations of this scam are prevalent and can lead to significant financial losses. A company isn’t responsible if an employee falls for a scam and purchases gift cards with their own money.
In one example, a woman from Blackburn, Lancashire lost over £6,000. This was after getting an email request from someone she thought was her company’s Managing Director.
The woman received an email purporting to be from the company’s Managing Director. It stated that the Managing Director wanted to send gift cards to some selected staff that had gone above and beyond.
The email ended with “Can you help me purchase some gift cards today?” The Managing Director had a reputation for being great to employees, so the email did not seem out of character.
The woman bought the requested gift cards from Tesco and Marks & Spencer. Then she got another request asking to send a photo of the cards. Again, the wording in the message was very believable and non-threatening. It simply stated, “Can you take a picture, I’m putting this all on a spreadsheet.”
The woman ended up purchasing over £6,000 in gift cards that the scammer then stole. When she saw her Managing Director a little while later, her Managing Director knew nothing about the gift card request. The woman realized she was the victim of a scam.
Tips for Avoiding Costly Phishing Scams
Always Double Check Unusual Requests
Despite what a message might say about being unreachable, check in person or by phone anyhow. If you receive an unusual request or one relating to money, verify it. Contact the person through other means to make sure it’s legitimate.
Don’t React Emotionally
Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realize it’s a scam. Don’t react emotionally; instead, ask whether the request seems real or is out of the ordinary.
Get a Second Opinion
Ask a colleague, or better yet, your company’s IT service provider, to take a look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.
Need Help with Employee Phishing Awareness Training?
Phishing keeps getting more sophisticated all the time. Make sure your employee awareness training is up to date. Give one of our team at J700 Group, based in Lancashire, a call today to schedule a training session to shore up your team’s defenses.