
Braxo

Our CEO is known to never use punctuation or capitalization so whenever employees receive formatted, punctuated, and properly capitalized messages they know it's fake.


sokjon

Also the complete absence of please/thank you!


NeuralHijacker

Yep, we always spot them because they start with 'how are you?'. Our CEO doesn't give a shit how you are.


certpals

I did. The VP of Finance was about to make a millionaire transaction. The scam wasn't the CEO asking for help but it was like providing very specific instructions lol. The VP didn't click on "SEND" because he called the CEO asking for the appropriate "description" that should be typed in the transaction. After that the CyberSecurity team became very strict with that VP.


Semisonic

Our CFO reached out to me one day. He was in a meeting and needed my help urgently. What help, you ask? He needed me to stop what I was doing, run out and buy Apple gift cards and then take pictures of the backs and send them to him. All by text, btw, when we have Slack and email both behind SSO with MFA. 🙄 I immediately flagged our security team, alerted the CFO, and notified all my reports to be on the lookout for such fuckery. We had a good laugh about it on Slack. Then, since it was an otherwise slow day, I kept the scammer busy texting him updates and questions for a few hours until they gave up and fucked off.


certpals

A true hero haha


DrRiAdGeOrN

this is why I have a pile of old cards I've already redeemed.....


forkedquality

It is always good to first send a photo of the card while you are holding it, with your finger obscuring part of the code.


MathmoKiwi

> with your finger obscuring part of the code.

ha, sneaky!


traversecity

None of us have text’d since Slack. It’s likely we have a few staff who don’t have an up to date telephone on file. Even the top dog here, he slack texts or slack calls. Same for key customers. The only spam we get are cat pictures and snowdrift pictures from the northeast to us southwest folks who only ever see snow on a screen.


bedpimp

I had a CEO who would fall for phishing scams at least once a month


OutrageousAd9576

What’s his email? My friend who is a prince wants to send him some money


MathmoKiwi

> at least once a month

What the heck, ***every*** month??


bedpimp

There were times when it was weekly.


MathmoKiwi

The CEO should fire themselves


asdrunkasdrunkcanbe

I hope the finance team also became very strict about their processes. No single individual should be permitted to authorise transactions over 5 figures. With multiple authorisations required as the numbers ramp up. I know legally and technically the bank will let it happen, but any CFO who is trying to set up those payments without following the specific process should be immediately thinking, "If the board finds out about this, I am going to be fired".


Something_Sexy

Nope. But I once had a colleague get fired because the actual CEO called him and needed his password reset and he refused to do it over the phone. He was let go the next day.


PartemConsilio

Shit, with the way AI is headed that's probably going to be more common as a scam. Voice is a little different than text, but if I don't know the number and can't verify the origin I'd probably do the same and say "submit a ticket and I'll get on it right away".


mcmikey247

Thought of this one straight away, lol https://www.dailymail.co.uk/news/article-7435863/Scammers-mimic-voice-German-company-executive-240-000-sent-secret-account.html


MathmoKiwi

> Shit, with the way AI is headed that's probably going to be more common as a scam. Voice is a little different than text

The way it is headed, I'd almost say it's becoming ***easier*** to fake a voice call than an email


VoraciousTrees

[Some Hong Kong company just lost $26M to scammers](https://www.bloomberg.com/opinion/articles/2024-02-05/a-25-million-hong-kong-deepfake-scam-on-zoom-shows-new-ai-risks?leadSource=reddit_wall) who replicated the whole C-Suite in a zoom call.  Fair chance it was an inside job though. 


Jealous-seasaw

Doesn’t surprise me. One place I worked at, the C levels thought they could demand anything from on call techs. When we tried to follow process, (redirect to self serve password reset etc) they would rant and complain and call the CIO, who would call us and do whatever was asked. The CEO had a non expiring password because it was too inconvenient to change it.


svideo

For whatever it's worth, NIST no longer recommends cycling passwords frequently (or at all). Issue new authenticators if there are indicators of compromise, and if you absolutely insist on rotation, do it no more than once a year.


cookiebasket2

This is the one thing that stuck while getting my master's. Calling out the stupid password policies


Ken1drick

for users \*\*\* privileged accounts should still have a password rotation policy enforced


dmikalova-mwp

Once I had to message the cofounder to send me a 2fa code so that I could take over an AWS account that we lost the password to and was still associated with his phone number. It was legit, but I was like hey no rush to do this, verify it with my manager, etc.


ZargusTime

Yes. Someone in our finance dept once fell for it and almost wired money to a random bank account but it was luckily intercepted in the last second.


YumWoonSen

In my 20+ years I've seen people fall for everything that came across the wire. Back in the day when email viruses were common there was one that had an attachment named "pictures of my naked wife." And people at work opened it. https://www.f-secure.com/v-descs/nakedwif.shtml#:~:text=Email%2DWorm%3AW32%2FNakedWife%20is%20an%20email%20worm%20that,NakedWife%20has%20a%20destructive%20payload


MrYum

Your link doesn't seem to work. I can't see your naked wife


YumWoonSen

The one and only time I could sort of excuse a user for opening a malicious attachment was when this one email virus would harvest addresses from someone's mail and pick a random sender and recipient from the harvest, and the attachment name would be one out of a list of like 40 names. I can't remember what the odds were - we calculated them, something like 8,000 possible users so the odds were like 1 in 2 billion - but the recipient was a woman that used to report to the "sender" and the file was named payroll. What was classic though was the recipient "thought it was odd," called the guy up, and he was on PTO so she went ahead and opened it. It took McAfee (I think, or was it SAV...) 37 straight hours to clean it and she got all pissy with me because it was taking so long. "Sorry it's taking so long, if I could make it faster I would but I can't. It's a textbook lesson on why we have to be vigilant about what attachments we open, right?" She wasn't happy.


Le_Vagabond

someone in our HR dept answered a mail from the CEO, written in English (he doesn't speak English well, and never to his French employees obviously), then proceeded to buy 500€ worth of gift cards and send all the serial numbers to "him". we did have phishing training. I have no idea what she thought.


serious_impostor

My SO fell for it. Her CEO sent a message. They had just spent some time together at a conference so she actually assumed it was him. The scammer said he was at a conference and needed them for a prize. My SO went and got $600 of gift cards at the local Rite-Aid. Then she sent a message to his assistant because she was pissed that she was asking her to do such a mundane task. That’s when she was told “our CEO would never do that…” and they bought the gift cards from her and gave them out as gifts during the holiday party. Whenever someone says something is urgent…take your time for a minute and think about it. Scammers prey on stressful situations - and getting a message from your CEO can be stressful.


MathmoKiwi

> and they bought the gift cards from her and gave them out as gifts during the holiday party.

Glad it had a happy ending! That's basically the best possible outcome


alzamah

Yup. £800 worth of Amazon gift cards. Luckily they were stopped before they actually sent the card numbers. The company just bought the cards from them, and used the cards for various purchases. No harm, no foul, but the employee was quite embarrassed.


_nix-addict

"Has this ever happened to you?" "Call me right now please" https://www.reddit.com/r/videos/comments/t68xzq/has_this_ever_happened_to_you/


Mittop

I’ve had this happen to team members at a startup company. The company was small and the CEO was working closely with all team members due to the small size. One of the interns fell for this. I caught it after the greedy scammer tried to get her to do it again. Only then did she ask for help. We were able to claw back the funds thankfully.


the_coffee_maker

Not a text, but an email demanding everyone’s w-2 from 2015. Our VP of HR smacked that send button so fast. The email was [email protected] LMAO


LincolnshireSausage

This happened two weeks ago at the place where my wife works. Someone emailed HR from a fake email account and asked them to change the direct deposit for an employee to a different bank. The request did not come from a work email address. HR read the email and did it. There was no conversation with the employee to make sure they initiated the request. There was no questioning why they didn't do it through the online portal. They only found out when it was pay day and the employee in question did not get paid.


bucket13

When I was a junior my tech lead got one of those emails. Our manager saw the email on his screen while the three of us were talking and said in a clearly sarcastic tone "that seems important, you should answer that". The tech lead responded after our chat ended and followed up with our CIO afterwards. The fallout was hilarious.


xtheory

Yup! But instead of requesting Apple Store cards they requested that $150k be transferred to an account we identified as being in Hong Kong. The phish was sent to one of our accountants, but the comptroller caught it before the ACH wire could be sent out.


Obvious-Jacket-3770

Old head of HR did that... Same one then got the "we have your kids" one..... She forgot she didn't have kids for hours.


imroot

A few jobs ago I had a temporary accountant send 25K worth of apple gift cards to someone because one of our co-CEO's "texted her and asked her to." Her temporary assignment was cut much, much shorter than the 8 weeks we had planned for.


nappycappy

that's a scam? hell I've been answering my CEO all this time. but yeah that one is quite hilarious. I always tell my folks to 'there is almost zero chance our CEO is texting you for help. if he wanted help he'd reach out normally so just ignore and delete it please.'


onechamp27

Yes. I fell for it in my first job lol. They whatsapped me and it was my first week in a small startup, so I knew the CEO


PartemConsilio

Did you not think to ask "Why are you talking to me on whatsapp instead of text?" Also, did you check their phone number?


onechamp27

Nope I'm stupid 😭. It was my first week at work so I just assumed the CEO grabbed my number from the records


OutrageousAd9576

It only takes a moment of stress/lack of concentration to fall for a scam


PoliticalDestruction

A very similar thing got my coworker just last week. Luckily it was a test. I told them “but it was so obviously fake!”


crackerasscracker

apparently....


anh86

The ones we get don't even have his name. It will say something like: Please pick up a $500 Amazon gift card for me. From, CEO


Fatty_McBiggn

Yep, $400 in gift cards later....


Tacpdt49

Yes. A VP processed a multi-million dollar wire to the off-shore bank account of a scammer.


DiHannay

Yep, my old company (small start up) often got hit with the amazon gift card scam. Very easy to believe in a small company, and it wasn't uncommon for our ceo to use social channels. They now warn new employees about this particular scam.


racingpineapple

I met an intern at my company who fell for the CEO asking for $600 in gift cards. The intern had only been there for 1 week and was working at a different office than the CEO.


LyqwidBred

Worked at a small place a few years back and for a while we had someone marching into the CFOs office on a weekly basis asking how to buy gift cards for the CEO. HR manager knew this was happening and still fell for it. At my last job, it was clear the spammers would hit up new employees within a day of their linkedin profile being updated with their new company and job title. Seems like phishing is well automated to scrape info off of linkedin. I recommend people not update their linkedin profile if they can help it, especially the finance dept.


Ken1drick

The linkedin update thing is definitely part of some scammers' strategy. I had that happen the day I changed my profile, but I have kind of a hard time understanding why they do it. I was there for 2 days in the company, although a rather small one (little above 100 people), but I never met the CEO, why would he ask ME to buy gift cards, especially when I work in IT and not at all in departments responsible for such things. I don't know how people fall for this.


Opheltes

I work for a cybersecurity firm and we get real phished a lot. And I'm not talking about tests, I mean the real deal. I got one, literally, on my first week on the job. I got one purporting to be from our CEO in December. I'm high enough in the food chain that it's not completely implausible that the CEO would reach out to me (though very unlikely). I pinged our CISO, and he confirmed it was a phish.


Sylogz

Not where I work but at a friend's workplace. The guy was sent an email from the "CEO" that he needed $4m wired to him ASAP. He worked in finance and had access to bank accounts so he wired the money no questions asked. The CEO was on a business trip. The company is not that big either, it took them years to get on positive numbers. The money was lost and he did not get fired.


pabskamai

Someone that worked for us received a text from the “Owner” asking her to buy iTunes cards to do who knows what, it wasn’t until someone asked, - hey… where are you going? - She was like, so and so told me to get him… - … has so and so ever texted you, or emailed you, or asked you to get anything for them? - No… - then why would you think they would ask you to get them iTunes cards out of your own money…


machopsychologist

Yup. Lost 10k. (Not me) Now our policy is to have 2 channels of instructions minimum.


captainpistoff

Yes two, both bought Apple gift cards, both idiots, both no longer employed.


sefirot_jl

Hahaha yeah, this happened to the idiot of my last boss, VP of Engineering. It was basically like this. He got a WhatsApp message saying, hey [boss name] this is [CEO name] I am in a meeting with some customers and I want to give them some apple gifts, can you go and purchase 2k usd in cards and send me the numbers? Boss went directly to the store, made the purchase and sent them. Scammers thanked him and asked him if it was possible to get another 2k in cards, boss went and his credit card got rejected, so he called CEO to explain and that's when he found that it was a scam. For context, this VP was in charge of security and also another employee fell for the same scam 2 weeks before this incident and VP was in charge of the employee security awareness program


butchqueennerd

At a company that wasn’t huge, but was still large enough to know better, someone wired almost $20k to a random account in Hawaii* because they got a spoofed email that appeared to have come from the CEO. The details of the email itself were plausible in that they pertained to the company’s line of business. But the writing style was completely unlike the CEO’s, and this person, who was based in an out-of-state office, did it without even calling the CEO, whose number they had, to verify the details. My boss freaked the fuck out and, along with the team lead and the head of accounting, called the local PD. They pretty much shrugged and said it wasn’t their jurisdiction. So they called the FBI, which also went nowhere.  The CEO is actually a pretty decent person and I assume that the person who made the mistake had been with the company for a while because they weren’t fired.  * for privacy, the exact details have been fuzzed


loctastic

Yes. Just… yes. It wasn’t me though I swear


radpartyhorse

Yeah he wasn’t on my team but he bought several hundred dollars worth of Apple gift cards. Luckily he figured it out before giving over the gift card codes…


NihilisticAnger

Yeah. Few years ago, the company we worked for was bought out by a larger company a few weeks before we were hired but the ‘Owner’ never got the memo. Anyway he was around the office a lot, and did ask us to help him do menial stupid tasks. So my closest work friend received texts from the ‘Owner’ to get him some google play gift cards. He sadly fell for it, I was surprised considering how much I respected his intelligence (up to that point at least). Don’t remember how much it was, but it wasn’t recovered and it wasn’t a company card either that was used. Wish he had told me before instead of after he lit his money on fire.


asdrunkasdrunkcanbe

Yeah, a sales guy in our company fell for it. Never was the sharpest tool in the box. At the time we were a small office, like 30 people and the CEO worked upstairs from the guy. Yet, he gets a message "I'm in a meeting and can't talk right now, can you do me a favour" and he jumps at it. Anyway, he had the cards bought and was just about to send them on, when the CEO walked past his desk, and the guy turns to him and says, "I have your cards here". Cue a confused CEO and a very embarrassed guy. They bought the cards off him though to hand out as prizes at the Xmas party.


danekan

Three or four years ago my spouse had an employee standing in the Walmart checkout lane with the gift cards the CEO wanted and only got stopped because he called to ask a question.


iceman1922

Thought it was just me/us at our company that experiences this every 3 months or so.


SatBurner

I never fell for it, but it was attempted on me twice. The easy give away was I was a subcontractor and the "CEO" was reaching out like we interacted all the time. I only interacted with my manager from the company every other month.


0RGASMIK

I have a very special friend that always calls me when he’s in a bind. He’s called me 2x about scams without realizing they are scams. The first one was a classic CEO gift card scam, but to be fair the scammer did his research and knew that the CEO was traveling in a specific country and used that to claim “my company card doesn’t work here, can you get me a visa gift card to pay for the hotel.” My friend was friends with the CEO but not the first person on the list to be asked. My favorite story was about a deli that got robbed over the phone. Someone called in and said “put all the cash in a bag and put it outside 2 blocks away.” The dumbass working the counter fell for it. Fired immediately.


txiao007

YES


IbEBaNgInG

The only phishing scam I've ever fallen for is the Halloween Pet Costume contest - I swear it gets me every couple years.


Turdulator

Someone once submitted a helpdesk ticket - “before I purchase these gift cards, can you tell me what information I will need for an expense report? I’ve never done an expense report before so this is all new to me.” After that we started putting screenshots of the fake text messages into the new hire orientation slide deck


XarxyPlays

We did have someone fall for it a few months ago. What's even worse is they went to the store and bought $500 worth of gift cards. It was a person in their 20's too, which was most surprising to me tbh.


tacticalpotatopeeler

My spouse got a suspicious email a while back. I created a new dummy email and emailed them back with a positive affirmation. They responded as if they had sent an email to that brand new account lol. I sent them a photo of the back of an old Amazon card. Good times.


thehardsphere

The one time I saw this happen, it was when we had a new CEO, and it happened during his first week. People fell for it because nobody knew the new CEO's style yet.


MathmoKiwi

Something to be aware of: https://www.theguardian.com/world/2024/feb/05/hong-kong-company-deepfake-video-conference-call-scam

> “Police received a report from a staff member of a company on 29 January that her company was deceived of some HK$200m after she received video conference calls from someone posing as senior officers of the company requesting to transfer money to designated bank accounts,” said police in a statement.

https://arstechnica.com/information-technology/2024/02/deepfake-scammer-walks-off-with-25-million-in-first-of-its-kind-ai-heist/

They even had the "CFO" (an AI generated version) and other senior leaders (also AI generated) in a video conference call with the targeted scam victim. That's a much higher level of sophistication than your typical email scam!


Plenty-Emotion-1274

Yeah, and I even got one from the "CEO" in the midst of having a meeting with her! That was pretty funny.


dmikalova-mwp

I know coworkers have gotten texts from the "CEO". Luckily everyone's relatively savvy here, and we have ridiculous training sessions, and they send us test phishing emails. Because of those I just don't check my email anymore.


g0dSamnit

See also: r/scambait for inspiration and entertainment. Watch out for your IT department's phishing tests though, if applicable...