Have you ever received an email asking you to purchase a gift card?
We are seeing clients being spear-phished more and more.
Just this week, someone fell for it and purchased over $1,000 worth of cards, scraped off the codes, and emailed back pictures of the codes.
Would your company reimburse her? Kinda feel sorry for her. Sometimes it helps to get security awareness training from your organization. This staff person was not trained properly.
Here is an example of the email.
1. Note the GMAIL Address
2. Note the DEADLINE. Very common in these attempts.
3. Note that it targets a user specifically and will use the owners name.
If you don’t have a cybersecurity training program like BrightDefense in place, please make sure you educate your users on this type of attack.
When in doubt, employees should bring suspicious emails to the attention of a manager.