Fraud Education: A Chilling Twist on Phishing

Imagine you’re a new employee at a company. And in the first few weeks of your new job, you get a text message that seems like it’s being sent by the company's president. It starts innocently enough, with the sender asking if you can help them with something. They eventually ask you to buy gift cards — possibly “for a client” — and share the numbers or codes with them. Then they ghost you. But only after you’ve given them exactly what they want.

Of course, the sender is not an executive at your company but a scammer. They got the executive’s name and your employment status off of LinkedIn or maybe even a hiring announcement. And if you fall for this increasingly common scam, you could be out a few hundred dollars in short order.

Like most phishing scams, this one depends on you believing that the first text message is genuine. And it’s easy to fall for…after all, you’re a new employee and want to make a good impression on the boss (whose mobile number might not be in your contacts yet).

 In addition to cultivating a healthy sense of skepticism about messages from any unknown number, an easy way to protect yourself — besides ignoring/blocking the number — is to use your own version of “two-factor authentication” (sometimes referred to as “2FA”).

This means that if you get a message that seems to come from a supervisor or other authority figure, confirm its legitimacy by another channel of communication. Call the phone number listed in your company directory. Email them at a known, valid address. If you use a platform like Microsoft Teams or Slack, send them a message. If the sender is unavailable, ask their assistant to confirm their mobile phone number.

 Taking the time to do this simple confirmation step could be the difference between getting tricked and staying safe (which is a real treat in comparison!).

Learn more tips and tricks by visiting our Fraud page.