Picture this: you’re going about your day when suddenly, you receive a text from your company’s CEO. They’re out on important customer visits, and they need your help to get some gift cards. Specifically, they need six gift cards worth $200 each, and they need the info sent over ASAP.
But there’s a catch – the CEO is in a meeting and won’t be available by phone for the next couple of hours, and this is a high-priority request. The pressure is on, and you’re left wondering if this is a legitimate request or a sneaky scam.
Sounds fishy, right?
Unfortunately, this type of gift card scam is all too common, and it preys on people’s willingness to help. Scammers impersonate high-level executives and use urgency and authority to pressure you into doing something you might not normally do – like buying gift cards and sending the info over via text or email.
The scammers can reach you via text, email, or even a phone call.
With some clever social engineering, they’ll make the request seem urgent and legitimate. And if you fall for the scam and purchase the gift cards, you’ll likely be asked to share the card numbers or PINs, allowing the scammers to use the funds without a trace.
By the time you realize it’s a scam, it may be too late to recover your money or prevent further damage. That’s why it’s critical to stay alert and cautious when you receive an unusual request, especially one involving money or sensitive information.
Without proper training, 32.4% of employees are prone to fall for phishing scams, including gift card scams.
Lack of Awareness: Many employees may not understand what phishing is and how it works. Phishing attacks are designed to trick individuals into divulging sensitive information like login credentials, credit card details, or personal identification information (address, date of birth, social insurance number, and so on). Without proper awareness of these tactics, employees may be more vulnerable to falling for scams. It is important for employers to provide regular cybersecurity awareness training to their employees to help them identify scams more easily.
Urgency: Gift card scams often create a sense of urgency that demands the employee’s immediate attention. Urgency can take many forms. It can be threatening to block an account or access to a service, claiming that a system has been compromised or hacked, or offering an opportunity to win a prize. By creating a sense of urgency, attackers hope to distract employees from thinking critically about the email and to act without verifying the information.
Curiosity: Gift card scams may also play on an employee’s curiosity or desire for something of value. Attackers may use clickbait subject lines or promises of exclusive content to entice employees to click on a link or download an attachment. Curiosity can override an employee’s sense of caution, making them more likely to fall for a phishing scam.
Social Engineering: Gift card scams may use social engineering techniques to gain the trust of the employee. Social engineering is the practice of manipulating individuals into giving out sensitive information or performing actions they shouldn’t. Scammers may impersonate a trusted person, like a coworker, supervisor, or IT support staff, to increase the likelihood of success. Social engineering tactics may include exploiting emotions like fear or sympathy, using flattery or authority, or creating a sense of urgency.
Lack of Training: Employees may not have received adequate training on how to identify and report phishing. Cybersecurity training should be provided regularly to help employees recognize the signs of phishing, including suspicious emails, unsolicited requests for information, and fake login pages. Training should also emphasize the importance of reporting suspicious activity to the IT department as soon as possible.
Complexity: Phishing attacks can be highly sophisticated and use advanced tactics, such as creating fake websites, using lookalike domains, and spoofing legitimate email addresses, to deceive employees. Even experienced employees can fall victim to these complex scams, making it important to provide regular training on how to identify and report phishing attempts. By educating employees on common signs of phishing attacks, such as misspelled URLs or suspicious email addresses, organizations can help them to avoid falling for these complex and dangerous scams.
A recent incident in Palos Hills, Illinois has brought to light the prevalence and danger of gift card scams. A woman fell victim to a sophisticated phishing scheme after receiving an email that appeared to be from her company’s CEO. The email, which purported to recognize outstanding employees, requested the purchase of several gift cards from popular retailers such as Target and Best Buy.
The email closed with the simple request, “Can you help me purchase some gift cards today?” As the CEO was known to be an advocate for employee recognition, the message seemed plausible and the woman proceeded to purchase the requested gift cards. Subsequently, the woman received another request, this time asking for a photo of the card information for a “spreadsheet.”
After providing the requested information, the woman was dismayed to discover that the entire interaction had been a fraud and that the scammer had stolen over $6,500 worth of gift cards. When the woman approached her CEO to discuss the issue, she was informed that the company had no record of the email or gift card requests. This unfortunate incident serves as a cautionary tale for individuals and companies alike, highlighting the importance of maintaining a healthy skepticism when receiving unexpected or unusual requests for sensitive information.
Gift card scams like these can have devastating financial consequences for individuals who fall for them. It’s important to note that if an employee is tricked into purchasing gift cards with their own money, the company cannot be held responsible for the loss.
Always double-check any unusual requests, especially those related to money. Scammers may claim that they are unreachable or that something terrible will happen if you don’t act immediately. However, it’s important to take a step back and verify the request before taking any action. Always double-check the legitimacy of the request by contacting the possible sender through other means, like phone, text message, or in person.
Scammers often try to get victims to act impulsively, before they have time to think. They will try to create a sense of urgency, make a victim panic, or appeal to emotions such as greed, fear, or sympathy.
Instead, try to detach yourself from the emotional content of the message and ask yourself, “Is it legitimate?” Usually, a few minutes of sitting back and looking at a message objectively is all that is needed to realize that it’s a scam.
If you receive a message or request that seems suspicious or too good to be true, don’t hesitate to seek a second opinion from someone you trust. This could be a colleague, a manager, or your company’s IT department. By getting a second opinion, you can evaluate the request more objectively and identify any red flags or signs of a potential scam. It’s always better to be safe than sorry.
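The warning signs described above (an executive's name on a message from an outside address, a gift card request, urgency, a sender who cannot be reached by phone, and a request for card numbers, PINs or photos) can also be checked by a mail filter before a message reaches an employee. The following is an added example, not part of the original article; the company domain, executive name, weights, threshold and sample messages are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed values for this example (assumptions, not from the article)
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}      # display names a scammer might impersonate
THRESHOLD = 4                  # minimum score before a message is held
EXEC_EXTERNAL_WEIGHT = 3

# One entry per warning sign named in the article: label -> (weight, pattern)
SIGNALS = {
    "gift_card":    (2, r"\bgift\s*cards?\b"),
    "urgency":      (1, r"\b(asap|urgent(ly)?|right away|immediately|high[- ]priority)\b"),
    "unreachable":  (1, r"\b(in a meeting|can'?t (talk|take calls?)|unavailable|not available)\b"),
    "card_details": (2, r"\b(pins?|card numbers?|(photo|picture)s? of)\b"),
}

def score_message(from_header, body):
    """Return (score, reasons) for one message; higher means more suspicious."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    score, reasons = 0, []
    for label, (weight, pattern) in SIGNALS.items():
        if re.search(pattern, body, re.I):
            score += weight
            reasons.append(label)
    # An executive's display name on an address outside the company domain
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        score += EXEC_EXTERNAL_WEIGHT
        reasons.append("exec_name_external_sender")
    return score, reasons

def is_suspicious(from_header, body):
    """Hold the message only if it asks for gift cards AND other signs add up."""
    score, reasons = score_message(from_header, body)
    return "gift_card" in reasons and score >= THRESHOLD

# Constructed sample messages: (From header, body)
SAMPLES = [
    ("Jane Doe <jane.doe.ceo@mail-example.net>",
     "I'm in a meeting and can't take calls. I need six gift cards worth "
     "$200 each ASAP. Text me the card numbers and PINs."),
    ("Jane Doe <jane.doe@example.com>",
     "Reminder: the quarterly all-hands is on Thursday at 10."),
    ("Sam Lee <sam.lee@example.com>",
     "HR is raffling a gift card at the holiday party. Details next week."),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(is_suspicious(sender, body), score_message(sender, body), sender)
```

A filter like this only supplements the verification steps above: a message that scores low can still be a scam, so confirming the request through another channel remains the deciding check.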
Phishing attacks are becoming increasingly sophisticated, and it only takes one unsuspecting employee to compromise your company’s security. But how can you ensure that your employees are equipped to identify and avoid these attacks?
At EB Solution, we specialize in providing comprehensive phishing awareness training to businesses of all sizes. Our expert team can help you develop a customized training program that will educate your employees on the latest phishing techniques and best practices for staying safe online.
Don’t leave your company’s security to chance. Schedule a call with one of our experts today and take the first step towards protecting your business from phishing attacks.