Is this really a text message from your CEO…or is it a scam?

Imagine you're going about your day when suddenly you receive a text from your CEO. The business owner is asking for your help. He's visiting clients, and someone else made a mistake by promising to provide gift cards. The CEO needs you to buy six $200 gift cards and text them back to him immediately.

The sender of the message promises to reimburse you by the end of the day. Oh, and by the way, you won't be able to reach him by phone for the next two hours because he'll be in a meeting. One last thing, it's important to understand that this is a priority. He needs those gift cards urgently.

Would this kind of request make you question this exchange, or would you quickly pull out your credit card to comply with his request?

A surprising number of employees fall for this gift card scam. There are also many variations of this scam technique . For example, your boss is supposedly stuck without gas or some other dire situation that only you can help.

This scam can come in the form of a text message or an email. The unsuspecting employee buys the gift cards and then sends them to the number. They later discover that the real CEO of the company wasn't the one who contacted them. It was a phishing scammer.

The employee is now short of money.

Without proper training, 32.4% of employees are likely to fall for a phishing scam.

Why do employees fall victim to phishing scams?

Although the circumstances may be strange, many employees fall for this gift card scam. Hackers use social engineering tactics . They manipulate emotions to get the employee to complete the request.

Some of these illicit social engineering tactics are:

• The employee is afraid of not doing as requested by his superior
• The employee jumps at the chance to save the day
• The employee does not want to let his company down
• The employee may feel that he can advance in his career by helping out

The scam message is also designed to trick the employee into acting without thinking or checking. This includes a sense of urgency. The CEO needs the gift cards immediately. Additionally, the message states that the CEO will be offline for the next few hours. This reduces the chances that the employee will try to contact the CEO to verify the validity of the message.

Illinois woman scammed out of over $6,000 by fake CEO email

Variations of this scam are common and can result in significant financial losses. A company is not liable if an employee falls for a scam and purchases gift cards with their own money.

In one example , a woman in Palos Hills, Illinois, lost more than $6,000 after receiving an email request from someone she thought was the CEO of her company.

The woman received an email claiming to be from her superior , the company's CEO. It stated that her boss wanted to send gift cards to selected employees who had gone above and beyond.

The email ended with, "Can you help me buy some gift cards today?" The boss had a reputation for being great with employees, so the email didn't seem out of place.

The woman purchased the requested gift cards at Target and Best Buy . She then received another request to send a photo of her cards. Again, the wording of the message was very believable and non-threatening. It simply said, "Can you take a picture, I'll put it all on a spreadsheet."

The woman ended up purchasing over $6,500 in gift cards, which the scammer then stole . When she saw her boss later, her boss knew nothing about the gift card request. The woman realized she was being scammed.

Tips to Avoid Costly Phishing Scams

Always check for unusual requests

Despite what a message might say about being unreachable, still check in person or by phone. If you receive unusual or financial requests, verify them. Contact the person through other means to ensure it's legitimate.

Don't react emotionally

Scammers often try to trick victims into taking action before they have time to think. It often only takes a few minutes to sit down and look objectively at a message to realize it's a scam. Don't react emotionally; instead, ask if it seems real or out of the ordinary.

Get a second opinion

Ask a colleague, or better yet, your company's IT service provider, to read the message. Getting a second opinion prevents you from reacting impulsively. This can prevent you from making a costly error in judgment.

Need help with employee phishing awareness training?

Phishing is becoming increasingly sophisticated. Make sure your employees' awareness training is up to date. Contact us today to schedule a training session to strengthen your team's defenses.

About Nexxo

Nexxo Computer Solutions specializes in providing IT and technology services to Quebec businesses. Its mission is to offer Quebec companies IT services tailored to their needs. Acting as an external IT department, it handles all of a company's IT tasks, allowing it to focus on its business activities. It achieves this by collaborating closely with its clients and putting their interests at the center of its concerns.