Today, a new CEO fraud phishing scam surfaced, whereby criminals are tricking users into purchasing $4000 in gift cards. Here’s what you need to know about this latest campaign:
Latest CEO Fraud Scam Details
- The bad guys impersonate the CEO of a business, using their name and a fake email address to contact employees. If recipients aren't careful enough when reviewing emails, they can overlook the fraudulent email address.
- In the email body, the scammer expresses urgency, claiming that they are swamped and need your help with a project asap.
- The criminals then strive to establish a trustworthy pretext for employees, alleging that the plan involves purchasing gifts to celebrate the team's hard work. Next, they request that the project remains in confidence, building trust while simultaneously ensuring the victim doesn't inform any coworkers about the request and potentially triggering any red flags.
- The scammer tasks the employee with buying $4000 worth of physical gift cards at stores and then emailing or texting the numbers to "the boss." Note that the average range for these gift card phishing schemes varies from $500-$2000.
- At the conclusion of the email, the criminal offers the recipient to keep one of the gift cards, incentivizing the plot to motivate the victim to comply. In actuality, this is a ploy that, in a way, endeavors to turn the victim into an accomplice.
This version of CEO fraud is a brief, intelligent bribe urging recipients to complete a task that is mutually beneficial.
How many of your employees would leap at the opportunity to receive a crisp $200?
Regrettably, our guess is more than a couple.
Prevention Techniques
Without proper cybersecurity awareness training, a single email could convince one of your employees to send money to a cybercriminal. As a best practice, never adhere to demands similar to the one described above and always vet the request first by contacting your boss directly via phone.
Security awareness education fosters a culture of cybersecurity and instills best practices company-wide to thwart off threats and be more mindful when interacting on the web or with email.
For more information regarding Align's cybersecurity solutions and education modules visit here.
Looking to bolster your firm's cybersecurity? Interested in learning about potential risk management solutions for your business?
Contact us by clicking here or on the button below.