Imagine you are sitting at your desk, working on a project, juggling emails and instant messages, and suddenly an email comes in from the CEO of the company. She asks, “Do you have time to do me a favor?” Your first reaction is to email her back and say, “Yes, of course I do.” After all, it is the CEO and you are a team player. She responds by asking you to go pick up multiple gift cards for clients and email her the gift card numbers.
Seems simple enough, right? That is where you would be wrong.
The bad guys are impersonating executive-level individuals in the hope that they can email you and get you to do exactly what I described above. I know, because I received such an email last week. Fortunately for me, since we have a Security Awareness Program, I did not fall for it.
Our Security Awareness Program trains our staff to check for the signs of a CEO fraud scam email:
- Is it coming from the correct email address?
- Are there misspelled words, grammar mistakes, etc.?
- Is there a sense of urgency to the email?
- Is the person asking you to do something that has to do with money or to divulge confidential information?
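The same checks can be run over a raw message as a triage aid for the IT department. The Python below is an added example, not part of the original post: the domain, the executive name, the keyword lists and both sample messages are constructed assumptions, the Reply-To comparison goes one step beyond the address check in the list, and the spelling check is left to the human reader.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the company's real mail domain
EXECUTIVES = {"jane doe"}    # assumption: display names of executives
URGENCY = re.compile(r"\b(urgent|asap|right away|immediately)\b", re.I)
MONEY = re.compile(r"\b(gift cards?|wire|card numbers?|confidential)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def ceo_fraud_flags(raw):
    """Return which checklist items a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    flags = []
    # Correct address? An executive's name on a non-company domain is not.
    if name.lower() in EXECUTIVES and _domain(sender) != ORG_DOMAIN:
        flags.append("sender-address")
    # Added beyond the list: replies routed to a different domain.
    if reply_to and _domain(reply_to) != _domain(sender):
        flags.append("reply-to-mismatch")
    # Sense of urgency?
    if URGENCY.search(text):
        flags.append("urgency")
    # Money or confidential information requested?
    if MONEY.search(text):
        flags.append("money-or-confidential")
    return flags

# Constructed sample messages (not real mail).
SCAM = """\
From: Jane Doe <ceo.office@example.net>
Reply-To: jane.doe@example.org
Subject: Quick favor

I need you to pick up gift cards for clients right away and email me the card numbers.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
Subject: Q3 planning

Agenda for Thursday is attached. No action needed before the meeting.
"""

if __name__ == "__main__":
    print(ceo_fraud_flags(SCAM), ceo_fraud_flags(LEGIT))
```

A flagged message still needs the phone call to the apparent sender; the script only decides which messages get a second look.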
What should I do if I receive an email that seems suspicious?
- Do not respond to the email. If this is a scam, then by replying to the email you will be responding to the bad guys.
- Pick up the phone and TALK to the person who sent the email. Confirm with a LIVE phone call that they really sent the email.
- Contact your IT department.
Never comply with an email asking you to do something urgently like wire money, purchase gift cards, or divulge confidential information without first CALLING the person who sent the email to confirm the validity.
An effective Security Awareness Program is necessary so that staff know what to look for and to change behaviors.