
As the holidays approach, savvy consumers should already be on the lookout for scams and fraud. But what about at work? Do you know how to avoid one of the newest twists on an old scam?

Boss phishing—sometimes called CEO phishing or spearphishing, since the message appears to come from someone high up in the company—has been around for a long time, and its targets can be both financial and data-driven. Usually arriving as a genuine-looking email, the request asks someone to send over sensitive information, change account numbers and move money around, or even change things like usernames and passwords.

It works for one very simple reason… when the boss says to do something, you do it. However, this kind of trust in following orders means the consequences can be very serious for the company and lead to blowback for the employee who was tricked. This newly reported spearphishing scam, though, is particularly horrible since the innocent employee might be the one who’s most profoundly harmed.

In the new variation, the “CEO” emails someone and directs them to buy thousands of dollars’ worth of gift cards for the employees’ holiday bonuses; this could be with their personal credit card or with a company credit card. After the cards are purchased, the “CEO” emails again and says to scratch off the protective strip, then submit the card numbers so the boss can email all of the employees their gift card codes.

In a real report of this crime to the Identity Theft Resource Center, a few hours after sending the gift card codes to the scammers, the victim learned the company computer had been hacked. The emails weren’t genuine, and the scammers made off with $5,000 in gift cards.

Fortunately, you can avoid this scam rather easily, but it does require you to get in the good habit of questioning orders. Hopefully, any company leader whose employee receives a strange request won’t be too put out that they took the initiative to verify it before complying.

1. Never click a link or open an attachment in an email unless you know you can trust it. This applies to both your personal email and your business account.

2. Never follow through with strange requests from anyone within the company—like sending over all the payroll records (which contain Social Security numbers), W2s, sensitive account information, or funds—without picking up the phone and verifying the request.

3. Never hit “reply” to share sensitive information. Instead, create a new email with the requested information in case the initial email was hacked or spoofed.

Of course, it can be daunting to “second guess” the boss, but that’s what scammers are counting on when they target someone within your company. Think of it this way: it’s far better to ask a silly question and risk a little awkwardness in the workplace than to put your company in a bad situation. Failing to verify a request that turns out to be a phishing attempt can have serious financial consequences for the business, especially if sensitive information is shared.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.



Labor Day is just around the corner, and perhaps no one is looking forward to the long weekend more than scammers and identity thieves. The three-day holiday lends itself to a wide variety of ways to steal your money, your personal data or both, so it’s important to brush up on how to spot a possible scam in order to avoid it.

Travel Scams

This particular holiday is traditionally a time for families to take one last quick getaway for the season. In 2015, travel and road service organization AAA said that an expected 35.5 million Americans would travel over the three-day weekend. Unfortunately, another statistic can put a damper on those plans: according to the Better Business Bureau, vacation scams cost U.S. consumers around $10 billion per year.

While the internet has grown into an excellent resource for finding steep discounts and bonus packages on travel, accommodations and meals, it’s also a snare that can lead straight to a scammer. It’s important to be on the lookout for flashy pop-up ads, awkward or incorrect wording and spelling in emails or deals that are so cheap that they’re not believable. Remember, just clicking a link and looking into some of these deals can have repercussions if the website the scammer created installs malicious software on your computer.

Play it safe and only use trusted companies to book your hotel, flight or other vacation needs.

Skimming

Thieves can insert skimming film into the card reader of a gas pump, point-of-sale system, even a restaurant payment card machine, and that film can nab all of the account information off your card. It’s then transferred onto a blank magnetic stripe card and used in physical locations (which will not necessarily trigger a “suspicious purchase” alert from your card since the card was present at the transaction). You need to be on the lookout for this common holiday travel pitfall, even if your travel plans don’t take you any farther than the local lakeside or park.

If a gas pump or POS payment machine looks tampered with, you might consider using a different pump, going into the store to pay or even using a different payment method. If you’re eating out and the server has to leave with the card to make payment, you could also fall victim to skimming. It’s always a good idea to look over your account statements routinely, but especially after any kind of holiday or major event.

Shopping Scams

Are you staying home this year? Labor Day might be a great time to take advantage of a number of sales and discount specials, but buyer beware: phishing emails that offer you massive discounts can redirect you to phony websites. Once there, you enter your personal information and payment card account, only to have it stolen by a scammer.

Fortunately, many retailers—both physical and online—advertise their upcoming holiday specials in advance. If you’re buying a high-end item, you should have plenty of time to look for the best deal and find the most reputable retailer.

