
Why do Employees Fall for Phishing Scams?


Posted 20th March 2023



You're being scammed; that text is not from your manager. 

Cybercriminals are always trying new ways to trick people into handing over personal or sensitive information or money.

You may have heard of a scam like this happening to someone you know or a friend of a friend – and it's becoming more common by the month. People may receive a text or an email from the MD of the business they work for or someone in senior management. The person needs some help – they need you to purchase several e-gift cards for them online, and they promise to reimburse you for the cost within a few hours. They may also say they won't be contactable for a few hours, so time is of the essence when purchasing these gift cards.

How many of us would stop and consider whether this was a legitimate request? If everything about the message looks above board, most of us would want to get the job done quickly to please our manager.

In this scam, the employee purchases the e-gift cards and sends the gift card details in reply to the text or email, but later finds out that the manager never contacted them. The message came from a phishing scammer impersonating the manager, and the employee is left out of pocket.

Why do Employees Fall for Phishing Scams?

You may be reading this thinking you'd never fall for something like this. However, many employees do fall for this exact scam. Why? Well, cybercriminals are very clever at using social engineering tactics – effectively manipulating the employee's emotions to ensure that the employee follows through on the request.

Such social engineering tactics mean that employees often do what they are asked. They may be worried about not doing what has been requested, may not want to let their MD or manager down, or may feel that they can prove their efficiency by acting quickly.

The scam is devised in such a way as to ensure the employee buys the gift cards without thinking or checking anything out because it often includes a sense of urgency. Because the Manager "needs" the gift card details immediately and will be out of contact for a few hours, the chances of the employee contacting the manager to check things out are minimal.  

A Recent Example of this Scam Happening in the UK

In August 2021, the BBC reported that several UK-based companies had fallen victim to gift card scams. In one case, an employee received a text message that appeared to be from their CEO, asking them to buy gift cards for clients. The employee purchased the gift cards and sent the details to the fraudster, who then redeemed the gift cards. The organisation lost several thousand pounds as a result.

Tips to Avoid Becoming a Victim of Costly Phishing Scams

Always Double Check Unusual Requests
Even though the text or email may say that the "MD" is unreachable, check. Give them a call or video call them. Always verify requests received by contacting the person via another means.

Take the Emotion Out of It
When you receive a request like this, stay calm and level-headed. Because phishing scammers try to get victims to act before they have time to think, take a few minutes to look at the message objectively. Sometimes this is all that is needed to realise that it could be a scam.

Ask Someone Else for Their Opinion
Mention what you've received to a colleague or your IT provider. They can have a detailed look at the message. Getting a second opinion may save you from making a well-intentioned yet costly mistake.

Do You Need Help with Employee Phishing Awareness Training?
It's well-known that phishing scams like these keep getting more sophisticated. Ensuring that your employees are aware of issues like this is vital. Regular training can help to develop and further their knowledge.

Employee phishing awareness training is critical for staff because it can help prevent cybersecurity incidents that can lead to significant financial loss, legal liability, and reputational damage for organisations. The training can help staff members recognise and avoid common types of cyber-attacks, including phishing scams, ransomware, and social engineering. They can learn how to create strong passwords, identify suspicious emails and links, report incidents, and securely handle sensitive data.

Additionally, user awareness training can help foster a culture of cybersecurity within an organisation. When employees are aware of the risks and understand their role in preventing cybersecurity incidents, they are more likely to be vigilant and take proactive measures to protect the company's digital assets.

User awareness training can save an organisation significant costs associated with data breaches, such as legal fees, regulatory fines, and reputational damage. It also helps create a safer and more secure digital environment for everyone within the organisation.

Get in touch to learn how your business can implement Staff Security Awareness Training
