How Prone Is Your Team to Falling for the Gift Card Scam?
Imagine one of your employees in in the middle of their workday when they receive a text from someone pretending to be you. The impersonator explains that you are in the middle of an important meeting but you forgot to purchase gift card rewards to hand out during the meeting. They then ask your employee to purchase seven separate $100.00 gift cards and to text over the card information as soon as possible.
Would your employee save the day by placing the orders and sending over the information, or would they know to stop and confirm that it’s actually you making the request?
Unfortunately, hundreds (if not thousands) of people fall for this and very similar scams every day. The scammer convinces the victim to buy gift cards and send over the card numbers, only to find out later that they were scammed. Sometimes they ask that the gift cards be purchased with company expense cards or accounts, while other times they specifically request the purchase be made on personal cards with the promise of reimbursement.
Reading this you’re probably thinking you’d never fall for a scam as straightforward as this, but we promise people fall victim to this scam all the time, otherwise the malicious actors wouldn’t keep repeating it.
Why are these types of scams so successful?
It may seem unlikely, but employees fall for the gift card scam all the time. Malicious actors are getting more sophisticated in their attacks every day, and they use several different social engineering tactics to achieve their objectives. Usually these tricksters aim to manipulate employees' emotions to get them to take action without thinking.
Here are a few ways they go about the process:
Preying on the fear of not following orders from a supposed boss, manager, or superior
Pitching the idea of being a hero by "saving the day"
Guilt-tripping employees for not wanting to disappoint their company or the team
Playing to the ambition of advancing in one's career by "helping out"
The scam message is also usually crafted to create a sense of urgency, urging the employee to act quickly without taking time to verify the information. It often claims that the CEO needs the gift card details ASAP and will be out of touch or busy in a meeting, making it less likely that the employee will attempt to contact the actual CEO to confirm the request.
Essential Tips to Help Your Team Guard Against Successful Phishing Attempts
Be wary of unsolicited emails or messages: If you receive an email or message from an unfamiliar source or through an unusual channel, be cautious. Don't click on any links or download any attachments unless you are certain of the sender's identity.
Verify the sender's email address: Phishing emails often mimic legitimate emails from well-known companies or organizations. Check the sender's email address carefully to make sure it is from a legitimate source (is that ‘I’ an ‘I’ or an ‘L’?).
Look out for red flags: Phishing emails often contain urgent or threatening language. Be wary of emails that ask you to enter personal or financial information, especially those that convey a since of urgency.
Enable two-factor authentication: This adds an extra layer of security to your accounts, making it more difficult for hackers to access your information, even if passwords are provided.
Educate yourself and your colleagues: Stay informed about the latest phishing tactics and educate yourself and your colleagues on how to avoid falling for them.
Be cautious of unexpected attachments or links: Be wary of attachments or links, even if they seem to come from a trusted source. If you are unsure, don't open the attachment or click on the link.
Train and test your team: Make sure your testing both yourself and your team with simulated phishing campaigns on a regular basis. These campaigns not only keep you and your team on their toes, they also identify where the ‘weak spots’ may be in the organization. Areas where additional training may be warranted.
Remember, if an email or message seems too good to be true or asks for personal or financial information, it is likely a phishing attempt. Stay vigilant and help protect your information.
Need Help with Phishing Awareness Training?
Phishing attempts are getting more and more sophisticated every day. Make sure your team’s awareness training is up to date. Give us a call today to schedule a training session to shore up your team’s defenses.