I Almost Fell For It, So Could You
Gift card scams are prevalent right now. Supposed CEO's and bosses everywhere are sending legitimate-looking emails to their employees, asking them to provide sensitive information or make a financial transaction. And I almost fell for one.
Recently, my boss sent me a series of emails with the following messages:
Let me know if you are available. I have an errand I need you to run for me today.
I am in a meeting right now. I need you to run an errand for me at any Walmart, CVS, Target, Walgreens or Best Buy near you. I need Amazon gift cards to send out to a client today. Confirm if you can handle this?
I will need 30 qty of $100 worth Amazon Gift Cards. When you get the physical cards, you should scratch-off the back code and email a clear picture of all the codes because I am sending them out to a client. It is urgent and important.
I was out of the office, so I actually received these emails on my smartphone. My boss's name was the sender, so at first, I didn't question it. (I later realized that had I looked at it on my laptop, I would have noticed that the sender email was not my boss's.)
We had a few back-and-forth emails confirming details and then it hit me. My boss NEVER says anything is urgent and important. It's just not how he speaks. Then I realized that for this type of request, he would have called and spoken to me rather than email or text. It's $3000, after all.
I texted him and asked if he really had sent me the emails and his answer was no, he didn't know anything about them. And I ALMOST fell for it!
The bad guys are getting creative with hybrid giftcard/CEO Fraud scams. There is a massive campaign underway where they are impersonating an executive and urgently ask for gift cards to be bought for customers. The numbers need to be emailed or texted to the boss, after they are physically bought at stores. Never comply with a request like that and always confirm using a live phone call to make sure it's not a scam. Sometimes it's OK to say "no" to the boss!
According to an article published by KnowBe4, one in every one hundred emails is now a hacking attempt.The attacks are easy to carry out especially if the recipient is using a smartphone. Read more here
The takeaway: train your employees on how to spot a phishing email and what to do if they get one.