Is this really a text message from your CEO…or is it a scam?

Imagine you're going about your day when suddenly you receive a text from your CEO. The business owner is asking for your help. He's visiting clients, and someone else made a mistake by promising to provide gift cards. The CEO needs you to buy six $200 gift cards and text them back to him immediately. Learn more about essential security practices and identifying phishing attacks.

The sender of the message promises to reimburse you by the end of the day. Oh, and by the way, you won't be able to reach him by phone for the next two hours because he'll be in a meeting. One last thing, it's important to understand that this is a priority. He needs those gift cards urgently.

Would this kind of request make you question this exchange, or would you quickly pull out your credit card to comply with his request?

A surprising number of employees fall for this gift card scam. There are also many variations of this scam technique. For example, your boss is supposedly stuck without gas or some other dire situation that only you can help.

This scam can come in the form of a text message, email, or social media message. Scammers often impersonate a company executive or other authority figure. They create a sense of urgency to pressure the victim into acting quickly without thinking. Review things never to do online.

These scams are becoming more sophisticated. Criminals use information from social media and company websites to make their requests seem legitimate. They may know the names of your colleagues, your boss, and details about your company's operations.

How to protect yourself from CEO scams

1. Verify the request

If you receive an unusual request from a superior, verify it through another channel. Call them directly or reach out through official company communication channels. Don't use contact information provided in the suspicious message.

2. Watch for red flags

Be suspicious of:

• Urgent requests for money or gift cards
• Requests to keep the communication confidential
• Unusual payment methods
• Poor grammar or spelling (though scammers are getting better at this)
• Requests that bypass normal procedures

3. Establish verification procedures

Companies should have clear policies for financial requests and unusual demands. Everyone should know the proper channels for such requests and feel empowered to verify them.

4. Train your team

Regular security awareness training helps employees recognize and respond to these scams. Share examples of real scams that have targeted your industry. Learn about endpoint protection.

5. Report suspicious messages

If you receive a suspicious message, report it to your IT department or security team immediately. This helps protect others in your organization.

What to do if you've been scammed

If you've fallen victim to this type of scam:

1. Report it to your supervisor and IT department immediately
2. Contact your bank or credit card company to report the fraud
3. File a report with local law enforcement
4. Document everything related to the scam
5. Learn from the experience to avoid future scams

Protect your business from social engineering attacks

These CEO scams are just one type of social engineering attack. Comprehensive security training and policies can help protect your organization. For strategic planning and comprehensive protection, consider working with a managed IT service provider.

Contact us today to discuss how we can help strengthen your organization's security awareness and defenses against these types of attacks.

About Nexxo

Nexxo Computer Solutions specializes in providing IT and technology services to Quebec businesses. Its mission is to offer Quebec companies IT services tailored to their needs. Acting as an external IT department, it handles all of a company's IT tasks, allowing it to focus on its business activities. It achieves this by collaborating closely with its clients and putting their interests at the center of its concerns.