Is That Really a Text from Your Director… or is it a Scam?

Cyber Security
Written By Harry Coureau

Imagine this: you’re working away when suddenly a text pops up from your Director. They urgently need your help. Apparently, they’re on customer visits, and someone else has dropped the ball on providing gift cards. Now it’s up to you to save the day. The request? Buy six £150 gift cards and send over the codes straight away.

The sender assures you that you’ll be reimbursed by the end of the day. But they add a twist - don’t try to call, as they’ll be in meetings for the next two hours. Oh, and it’s a high priority. No time to waste.

Would you pause to question the message, or would you act quickly to avoid disappointing the boss?

Surprisingly, many employees fall for this type of scam. Variations abound—sometimes it’s a plea for fuel money, or another supposed crisis that only you can solve. These phishing scams often arrive via text or email, leaving unsuspecting employees footing the bill.

Without proper training, a shocking 32.4% of employees are likely to fall for phishing scams.

Mail Phishing Scam graphic

Why Do Employees Fall for Phishing Scams?

Gift card scams like this one use sophisticated social engineering tactics. Hackers manipulate emotions, preying on an employee’s instinct to comply with authority or be helpful.

Some common psychological triggers include:

  • Fear of disobeying a superior.

  • The desire to "save the day."

  • Worry about letting the company down.

  • Hope that helping might earn career advancement.

These scams are carefully crafted to create a sense of urgency and discourage verification. For example, the message often claims the sender will be “unreachable” for a period, reducing the chance of checking with the actual Director.

Real-Life Example: Employee Loses Nearly £5,000 from a Fake CEO Email

This type of scam can result in devastating financial losses. In most cases, employers aren’t responsible if an employee spends their own money on gift cards.

One real-life example involves an employee from Illinois, United States, who lost more than $6,000 USD (equivalent to £4,800). She received an email, supposedly from her Director, asking her to buy gift cards as a reward for hard-working staff.

The request seemed in character for her boss, who had a reputation for being generous. After buying the cards, she was asked to send photos of the codes. By the time she realised the request was fake, she had already sent over $6,000 worth of gift cards.

Tips to Avoid Costly Phishing Scams

Scammers are getting more creative by the day, but you can outsmart them with a few simple steps:

Always Double-Check Unusual Requests

Even if a message insists the sender is unreachable, verify the request. Pick up the phone, visit their office, or use an alternate method to confirm it’s legitimate. Suspicious money-related requests should always be verified.

Don’t React Emotionally

Phishing scams rely on making you act fast without thinking. Take a moment to assess the situation logically. Does the request seem normal, or is it out of character? A quick pause can make all the difference.

Get a Second Opinion

Before taking action, show the message to a colleague or your IT service provider. A second opinion can help you spot inconsistencies and avoid costly mistakes.

Need Help with Phishing Awareness Training?

Phishing attacks are becoming increasingly sophisticated. Is your team prepared? Security awareness training is your best defence against these schemes.

At Pulse4, we specialise in helping businesses protect themselves from scams and cyber threats. Get in touch today to schedule a training session and strengthen your team’s cybersecurity defences.

Licencing and Attribution: Image licensed under Pixabay Content Licence.
Image Source 1: https://pixabay.com/vectors/mail-phishing-scam-spam-spam-mail-7149606/

Harry Coureau
Previous

Why Use a Password Manager?
Next

Top 5 New Trends from a Study on the State of AI at Work