Would you reimburse an employee who fell for a phishing scam?

post reply Forum Index » Jobs and Careers
[Post New]05/02/2019 15:56
quote
Anonymous

You need to reimburse because it was the first time and you did not adequately explain.

You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.
[Post New]05/02/2019 15:57
quote
Anonymous
Anonymous wrote:Was it a normal request for your CEO to make on the weekend that couldn't have waited until it was vetted Monday? That seems super shady....and I would not have just gone out and done that.


No, our CEO would never ask a staff member to do anything like this, weekend or not.
[Post New]05/02/2019 15:58
quote
Anonymous
Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.

You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.


What was not adequately explained? There were warnings sent out. Are you saying that it should have been explicitly stated that if someone spent their own money on a scam they wouldn't be reimbursed?
[Post New]05/02/2019 16:04
quote
Anonymous
Anonymous wrote:The confounding factor here is you admit that your company is not doing a good job of blocking such phishing emails. I think you should reimburse them.


When I said we were getting a lot of phishing emails I meant we were catching a lot of them in filters, they do not typically reach staff members. This was one of the few that made it through but it was not convincing-- there were several signs that it was not legit.
[Post New]05/02/2019 16:09
quote
Anonymous
The employee should be paid back and you should invest in better IT controls and training for all employees.
[Post New]05/02/2019 16:21
quote
Anonymous
Anonymous wrote:
Anonymous wrote:Also whey did they use their personal funds for the purchase insetad of a company card?


This staff member does not have a company credit card.

Does this person occasionally purchase things for the business and seek reimbursement?
[Post New]05/02/2019 16:22
quote
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:Also whey did they use their personal funds for the purchase insetad of a company card?


This staff member does not have a company credit card.

Does this person occasionally purchase things for the business and seek reimbursement?
\

No, never.
[Post New]05/02/2019 16:26
quote
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:Also whey did they use their personal funds for the purchase insetad of a company card?


This staff member does not have a company credit card.

Does this person occasionally purchase things for the business and seek reimbursement?
\

No, never.

Then I wouldn’t. I could maybe see getting confused if their job regularly required purchasing things on their own and getting paid back
[Post New]05/02/2019 16:37
quote
Anonymous
Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.

You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.


This.
I might even require a signed form from each employee indicating that the training was attended and that they understand the policies.
Also it should be made very, very clear that employees should ALWAYS get approval for spending for the company.
[Post New]05/02/2019 16:39
quote
Anonymous
Absolutely not pay.
[Post New]05/02/2019 16:41
quote
Anonymous
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


This is less about IT controls...even the most fortified security systems are vulnerable to phishing scams. This is more about lack of training or bad judgment on part of the employee. However, the employee should still be paid back, unless it was part of his job duties to be able to recognize phishing email.
[Post New]05/02/2019 16:46
quote
Anonymous
I think you should reimburse them and get a copy of the police report. Do you have insurance that can cover this? How do you know the employee is not in on the scam?

Once you clear that, you need a purchasing manual or policy. You need to train everyone on who can approve purchases over x amount, what card to use, etc. once you do that training, you have everyone sign that they understand and know they will not be reimbursed for purchases that violate the process and policy.
[Post New]05/02/2019 16:47
quote
Anonymous
Anonymous wrote:
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


This is less about IT controls...even the most fortified security systems are vulnerable to phishing scams. This is more about lack of training or bad judgment on part of the employee. However, the employee should still be paid back, unless it was part of his job duties to be able to recognize phishing email.


It was not part of their job, but they received specific warnings not to do what they did. Doesn't that count for something?
[Post New]05/02/2019 17:07
quote
Anonymous
Anonymous wrote:I think you should reimburse them and get a copy of the police report. Do you have insurance that can cover this? How do you know the employee is not in on the scam?

Once you clear that, you need a purchasing manual or policy. You need to train everyone on who can approve purchases over x amount, what card to use, etc. once you do that training, you have everyone sign that they understand and know they will not be reimbursed for purchases that violate the process and policy.


Agree 100%. Also can business can deduct this as a loss on their taxes.
[Post New]05/02/2019 17:07
quote
Anonymous
Is it routine for the CEO of your company to make such requests of staff? The employee should have verified the request first.
post reply Forum Index » Jobs and Careers
Message Quick Reply
Go to: 

Search   Recent Topics   Hottest Topics