Meet Alex. He is about to fall for a phishing message. He’s an up-and-coming employee at a prestigious company. He works hard, puts in the hours, and always strives to impress his boss.
One day, Alex receives a text from the boss himself. The message reads: “Hey Alex, it’s the boss. I need your help with something urgent. I’m in a meeting right now, but I need you to buy ten £100 gift cards and send me the information right away. This is really important, and I promise to reimburse you as soon as possible.”
Alex is thrilled that the CEO has reached out to him personally. He jumps in his car, drives to the nearest supermarket, pulls out his credit card, and buys the gift cards as requested. He sends the numbers back to the CEO and waits for his reimbursement.
But as time goes on, Alex realises that something is not right. He hasn’t received his reimbursement, and when he goes to check with the CEO, he finds out that the CEO never sent him the initial text. Instead, he was the victim of a gift card fraud.
Alex feels embarrassed and foolish for falling for the fraud. He learns a valuable lesson about being cautious when receiving unexpected requests for money or information. From that day forward, he makes sure to double-check any such requests with his boss or other superiors before taking any action.
Evidence shows that without proper training, 32.4% of employees are prone to fall for a phishing scam.
Why Do Employees Fall for Phishing Scams?
Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics. They manipulate emotions to get the employee to follow through on the request.
Some of these social engineering tactics elicit the following:
- The employee is afraid of not doing as asked by a superior
- The employee jumps at the chance to save the day
- The employee doesn’t want to let their company down
- The employee may feel they can advance in their career by helping
The scam’s message is also crafted in a way to get the employee to act without thinking or checking. It includes a sense of urgency. The CEO needs the gift card details right away. Also, the message notes that the CEO will be out of touch for the next few hours. This decreases the chance the employee will try to contact the real CEO to check the validity of the text.
Tips for Avoiding Costly Phishing Scams
Always Double Check Unusual Requests
Always verify unusual or money-related requests, even if a message claims the sender is unavailable. Check in person or by phone to ensure the request is legitimate before taking action.
Don’t React Emotionally
Scammers prey on quick reactions. Take a few minutes to analyze any suspicious message. Ask yourself if it’s typical or out of the ordinary. Avoid emotional responses and stay objective. A little bit of reflection can save you from falling for a scam.
Get a Second Opinion
Ask a colleague, or better yet, your company’s IT service provider, to take a look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.
Follow the SLAM method to improve your detection of phishing messages.
Need Help with Employee Phishing Awareness Training?
Phishing keeps getting more sophisticated all the time. Make sure your employee awareness training is up to date. Give us a call today to schedule a training session to shore up your team’s defenses.