Would you reimburse an employee who fell for a phishing scam?

Anonymous
Anonymous wrote:
Anonymous wrote: Full disclosure - read the first and last page of this thread.

Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!

I cannot believe this is even a thread let alone a seven page thread.



I cannot believe it for the opposite reason. The employee fell for an unsophisticated scam that she was warned about. The company email was not spoofed, it came from a gmail account that would not be filtered. There is no way she should be reimbursed.


+1
Anonymous
No, do not reimburse the employee.

If you do reimburse him/her, then when Tweedle Dee in X Division and Tweedle Dum in Y Division fall for a similar scam, you will have to reimburse them too.

Plus you can’t reimburse the employee because your company is so small that everyone will know and expect reimbursement if they fall for a scam too.
Anonymous
OP, if you already got the answer you seem to want from the HR forum, then why keep this thread going? Some say reimburse, some say don’t.
Anonymous
Anonymous wrote: OP, if you already got the answer you seem to want from the HR forum, then why keep this thread going? Some say reimburse, some say don’t.


I'm interested in people's perspective. When I have a discussion with the CEO to make a decision I want to be able to consider all aspects of the issue. The CEO is against reimbursing and I want to present some counter arguments so that we can talk through them and feel confident in our decision.
Anonymous
Anonymous wrote: No, do not reimburse the employee.

If you do reimburse him/her, then when Tweedle Dee in X Division and Tweedle Dum in Y Division fall for a similar scam, you will have to reimburse them too.

Plus you can’t reimburse the employee because your company is so small that everyone will know and expect reimbursement if they fall for a scam too.


This
Anonymous
No one is allowed to incur expenses on behalf of the company without approval. Why this employee would suddenly think they should spend $2k of their own money and then get reimbursed is incomprehensible. I wonder if the employee is part of the scam! I don't think you should reimburse but if you do, then yes you need to hold a meeting, make them all sign that they understand the policies, and state firmly that NO ONE will be reimbursed going forward so they better be extra careful. And make sure they know they can't spend ANY money without going through the proper approval process which should be documented in your policies and procedures.
Anonymous
I would but I would have a staff meeting and memo training and making clear that employees must verify purchases or they will NOT be reimbursed.

I have seen some very good, convincing phishing emails come through my company that don’t start off talking about anything like gift cards. That only comes up later if you respond to them and then it looks more real. Luckily for the best I have the sense to call the person and IT so they can take care of it but I can see how an older, tech-unsavvy person could fall for them.
Anonymous
The employee is an idiot. If you do reimburse them, it should be on the condition that they receive some real, in-person training on computer security. Maybe your IT people can design some -- it probably wouldn't be a bad idea to offer it anyway.

My office IT people will send out fake phishing emails of various levels of sophistication. Any employee who clicks on a link in the email is required to undergo additional training.
Anonymous
At our company every email from outside the company comes with a warning notice in big red letters to prevent phishing. We’d cover the screw up but use it as a company wide lesson and announce that going forward we will not cover it.
Anonymous
In my old job, IT sent out quarterly emails on phishing and even would send various employees phishing emails to test them and then talk to their manager and them.

Sorry but this person is an idiot or in on the scam. No CEO would ever do this. I wouldn't compensate him. If he leaves, no biggie as I'd be afraid what other gullible things he could do.
Anonymous
The human side of me says you should reimburse half. The business side of me says you should not because they have been warned twice, it was a Gmail address, it was a ridiculous request, it was completely outside of her job duties, it shows a complete lack of judgment. And not that it matters that they’re under 40 but I would expect an older person to fall for such a scam but not somebody who is under 40 and has been around technology for many years.

Like I said, on a personal level I feel badly for the employee. If your company is able to afford it, perhaps reimburse half. Would it be tax-deductible at the end of the year? I would also hold an all company mandatory training ASAP about computer security, phishing etc.
Anonymous
If you don't reimburse this employee they are going to quit within a month. Does that matter to you?

This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?

If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.
Anonymous
Anonymous wrote: The human side of me says you should reimburse half. The business side of me says you should not because they have been warned twice, it was a Gmail address, it was a ridiculous request, it was completely outside of her job duties, it shows a complete lack of judgment. And not that it matters that they’re under 40 but I would expect an older person to fall for such a scam but not somebody who is under 40 and has been around technology for many years.

Like I said, on a personal level I feel badly for the employee. If your company is able to afford it, perhaps reimburse half. Would it be tax-deductible at the end of the year? I would also hold an all company mandatory training ASAP about computer security, phishing etc.


It is tax deductible for the employee as a loss from theft (she should file a police report); but would not be for the company because the company was not the victim. But maybe the CFO could try to spin it otherwise.
Anonymous
Anonymous wrote: If you don't reimburse this employee they are going to quit within a month. Does that matter to you?

This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?

If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.


The company didn't do anything wrong. When a scammer steals your identity and uses it to steal from someone else, you are not liable for theft.
Anonymous
Anonymous wrote: If you don't reimburse this employee they are going to quit within a month. Does that matter to you?

This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?

If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.

Stupidity is not a legal defense.