Would you reimburse an employee who fell for a phishing scam?

Anonymous
This is the OP. The staff member gave the scammers the gift card numbers and codes, they have all been used, there is zero balance on them.

I want to be humane, but we are a small company. I would feel slightly more inclined if it wasn't for the fact that we had specifically warned people about this less than two weeks ago.
Anonymous
My law firm has had TWO seminars on phishing and said one of the most common requests is to get an email from someone high up at your company, they ask you to buy something, and they make it sound urgent.

You need to give a company-wide talk to ALL employees on this. We had someone come in from a bank - Citi, maybe?

Reimburse the employee at LEAST half.
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:Your employee is an idiot, but if you can afford it, yes, I'd reimburse them. It's a lot of money and can break a person.


This.


Agree, it was an honest mistake on the employee's part. Take the gift cards and give out if you have a picnic over the summer or at the holidays. They were an idiot for agreeing to use their own money but in many companies, including large ones, for things like travel you pay and get reimbursed SO this may be a normal thing to do at your company and in that case it made sense they did it.


The "fake CEO" probably has the gift cards, not the OP/her company.
Anonymous
Andy - I need a $2000 gift card to Sephora, stat!

No time to explain why.

- CEO
Anonymous
None of the legit vendors (bank, cc company, gc companies) is willing to reverse the transaction(s)? If not willing to reimburse outright (moral hazard, etc) provide as much assistance as possible to find a remedy for the employee, and consider repurposing the gift cards for charity purposes, employee motivation programs?

Hard to believe the employee wouldn't want to verify the request though. Hope they are not entrusted with securing company finances.

Is the workplace like mine where we are inundated with useless emails? (IT stuff not related to anything my unit does, too-frequent IT updates on stuff that is related, automated emails where the scripting needs to be tweaked and everybody gets a copy of process emails that only affect 3 people, on and on and on. Finding something you need is like going through a hoarder's basement.)

Truth is, all kinds of people get caught by phishing (not just the DNC). And there's this from 2018 (Wired magazine)

Anonymous
Anonymous wrote:Our company has been getting a lot of phishing emails lately. We are working hard with our IT vendors to deal with this and have sent two high priority emails to staff telling them to be careful, explaining what these scams are and what to look out for, and giving steps of what they should do if they receive one.

Over the weekend an employee got an email at their work email address that looked like it was coming from the CEO, asking them to purchase gift cards for him. The employee followed the instructions and wound up spending $2k of their own money on gift cards. When we discovered what happened we instructed the staff member to contact their credit card company, bank and the gift card vendor. All of these told him that since they bought the cards legitimately there is no recourse on their end. I instructed the employee to also file a police report.

From the company perspective we do not feel that we should reimburse the staff member for this cost. I feel terrible for them, but we had sent warnings about this very scenario. Also, the request itself was not anything our CEO would ever ask a staff member to do, so the staff member really should have known better.

Is there anyone that thinks the company should pay the staff member back? Is there anything else we can do?


That staff person is truly dumb.

It's sad, but s/he doesn't deserve to get the money back...or even to have a job with email access.
Anonymous
The confounding factor here is you admit that your company is not doing a good job of blocking such phishing emails. I think you should reimburse them.
Anonymous
Anonymous wrote:Andy - I need a $2000 gift card to Sephora, stat!

No time to explain why.

- CEO


Done!
Anonymous
Also why did they use their personal funds for the purchase instead of a company card?
Anonymous
Anonymous wrote:The confounding factor here is you admit that your company is not doing a good job of blocking such phishing emails. I think you should reimburse them.


I agree.
Anonymous
No, we do not. Nor does my H's employer; they had this happen to someone very recently and she lost $600 of her own money. She apparently did not pay any attention to the multiple trainings provided.
Anonymous
Was it a normal request for your CEO to make on the weekend that couldn't have waited until it was vetted Monday? That seems super shady....and I would not have just gone out and done that.
Anonymous
Anonymous wrote:Also why did they use their personal funds for the purchase instead of a company card?


This staff member does not have a company credit card.
Anonymous
I might fire them for being stupid. What if they had done something that damaged the company?
Anonymous
Nope. Their fault.