Would you reimburse an employee who fell for a phishing scam?

Anonymous
I wouldn't reimburse it. I really hope this person isn't in a position of any kind of authority and doesn't work without close supervision, because they have incredibly poor judgment.
Anonymous
Anonymous wrote:I'd reimburse because I'd feel bad if I didn't. Then I'd send an email stating someone fell for the scam (leave out names). Reiterate the signs of a scam, give specific directions on who to call or what to do if they get something suspicious, that even if it appears to be a legitimate email, please check with X person before spending money, do not hit reply to an email before verifying whether or not it's spam, and most importantly, going forward if someone does fall for the scam and does not do the proper steps beforehand, they will not be reimbursed.


But an email already was sent stating all of this. To me, that is enough to justify not reimbursing.
Anonymous
Anonymous wrote:
Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.

You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.


This.
I might even require a signed form from each employee indicating that the training was attended and that they understand the policies.
Also it should be made very, very clear that employees should ALWAYS get approval for spending for the company.


We have frequent training and fake emails to catch employees, and anyone who misses more than one phish has to go to special training. The results are reported to the top 100 in the company on a monthly basis. Awards are given to the teams that do the best. We joke that we don’t even open emails from our mother anymore.
Anonymous
This happened to a coworker of mine. She was not reimbursed (amount was under $1K but still brutal as a young employee). It seemed to all of us that it was quite unfortunate but not the employer's fault that she fell for the scam.
Anonymous
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.
Anonymous
Anonymous wrote:
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.


And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.
Anonymous
Honestly, I would reimburse, but I would also let this person go. I can’t imagine a scenario in which I would consider this person to have appropriate judgement.
I would also create specific company policy around spending and reimbursement. Like no costs reimbursed unless paid for through corporate cards. Anyone who does not have a corporate card is not authorized to spend any company money. After that, this employee would not get reimbursed.
Anonymous
Was the email domain spoofed?
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.


And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.

I have a government phone that gets a lot of scam calls - more than my personal cell. If I answer and get scammed, should the government reimburse me because they didn't block the spammers?
Anonymous
Anonymous wrote:Do you want to lose this employee? Yes, you should pay the employee back. He did this to be of service as part of his regular job duties.


Seriously? This was not part of his job duties. Does OP really want an employee this stupid anyway?
Anonymous
Anonymous wrote:Our company has been getting a lot of phishing emails lately. We are working hard with our IT vendors to deal with this and have sent two high priority emails to staff telling them to be careful, explaining what these scams are and what to look out for, and giving steps of what they should do if they receive one.

Over the weekend an employee got an email at their work email address that looked like it was coming from the CEO, asking them to purchase gift cards for him. The employee followed the instructions and wound up spending $2k of their own money on gift cards. When we discovered what happened we instructed the staff member to contact their credit card company, bank and the gift card vendor. All of these told him that since they bought the cards legitimately there is no recourse on their end. I instructed the employee to also file a police report.

From the company perspective we do not feel that we should reimburse the staff member for this cost. I feel terrible for them, but we had sent warnings about this very scenario. Also, the request itself was not anything our CEO would ever ask a staff member to do, so the staff member really should have known better.

Is there anyone that thinks the company should pay the staff member back? Is there anything else we can do?


Why is he checking work emails off the clock? No way will I do that.
Anonymous
Reimburse the employee.

Do a better job with spam filter.

Create processes in your company where only a company card can be used to make purchases and only a few people can make purchases. Create code words that are not shared over email, to be used when making monetary requests.

But most of all - reimburse the employee.
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.

You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.


This.
I might even require a signed form from each employee indicating that the training was attended and that they understand the policies.
Also it should be made very, very clear that employees should ALWAYS get approval for spending for the company.


We have frequent training and fake emails to catch employees, and anyone who misses more than one phish has to go to special training. The results are reported to the top 100 in the company on a monthly basis. Awards are given to the teams that do the best. We joke that we don’t even open emails from our mother anymore.
We also have mandatory online trainings and receive fake emails that we are supposed to catch and report. I only fell for one that said there is a puppy running in the hallway, the picture is attached. I opened the attachment, and it said that I wasn't supposed to open anything sent in a suspicious email.
Anonymous
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.


Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.


And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.

I have a government phone that gets a lot of scam calls - more than my personal cell. If I answer and get scammed, should the government reimburse me because they didn't block the spammers?


To be a valid comparison, your employer would be the one running the phone network, which is unlikely, and the call would have to appear to come from the CEO. OP’s IT vendors are not doing a good job if an email from the outside got in while appearing to come from an internal address. That’s a problem.
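The check the poster above is describing, as an added example that is not part of this thread or any poster's setup: a small Python script that inspects an inbound message and flags the two ways a "CEO" gift-card email usually gets through. First, a From address on the company's own domain that did not pass DMARC at the company's own gateway (the forged-internal-address case), and second, an external address wearing an executive's display name, which passes authentication for the attacker's domain and so has to be caught by a separate rule. The gateway name `mx.example.com`, the domain `example.com`, the protected name "Jane Doe" and the three sample messages are all constructed for illustration; the script assumes the receiving gateway stamps an RFC 8601 `Authentication-Results` header on every inbound message.

```python
"""Flag inbound mail that forges an internal sender or impersonates an executive.

Added example, not from the thread. Assumes the company's own gateway stamps an
Authentication-Results header (RFC 8601) on inbound mail. Domain, gateway id,
protected names and sample messages below are constructed for illustration.
"""
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"       # assumption: the company's own mail domain
GATEWAY_ID = "mx.example.com"         # assumption: authserv-id our gateway writes
PROTECTED_NAMES = {"jane doe"}        # assumption: display names of executives
GIFT_CARD_WORDS = ("gift card", "itunes", "google play", "amazon card")


def parse_auth_results(msg):
    """Collect {method: result} from Authentication-Results headers our gateway wrote.

    Header shape: 'authserv-id; spf=fail smtp.mailfrom=...; dkim=none; dmarc=fail ...'.
    Headers with any other authserv-id are ignored: a sender can add their own copy.
    """
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, clauses = str(hdr).partition(";")
        if authserv.strip().lower() != GATEWAY_ID:
            continue
        for clause in clauses.split(";"):
            tokens = clause.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                results[method.lower()] = result.lower()
    return results


def check_message(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    auth = parse_auth_results(msg)

    # 1. Mail claiming to be from our own domain must carry a DMARC pass from our
    #    gateway; otherwise the From address was forged (the case the thread describes).
    if from_domain == INTERNAL_DOMAIN and auth.get("dmarc") != "pass":
        findings.append("From is our domain but DMARC did not pass: spoofed sender")

    # 2. Display-name impersonation: "Jane Doe <anything@freemail>" passes DMARC for
    #    the freemail domain, so authentication alone never catches it.
    if name.strip().lower() in PROTECTED_NAMES and from_domain != INTERNAL_DOMAIN:
        findings.append(f"display name of an executive on external domain {from_domain}")

    # 3. A Reply-To on another domain diverts the conversation to the attacker.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply_to.rpartition("@")[2].lower()
    if reply_to and reply_domain != from_domain:
        findings.append(f"Reply-To diverts to a different domain: {reply_domain}")

    # 4. Content signal: the gift-card ask itself.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    if any(word in text for word in GIFT_CARD_WORDS):
        findings.append("body asks for gift cards")

    return findings


# Constructed sample messages (not real mail). ".test" is a reserved TLD.
SPOOFED_INTERNAL = b"""\
From: Jane Doe <jane.doe@example.com>
To: sam@example.com
Subject: Quick favor
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.evil.test; dkim=none; dmarc=fail header.from=example.com
Content-Type: text/plain; charset="utf-8"

Are you at your desk? I need four $500 gift cards for a client today. I will reimburse you.
"""

LOOKALIKE_EXTERNAL = b"""\
From: Jane Doe <jane.doe.ceo@gmail.test>
Reply-To: jane.doe.ceo@outlook.test
To: sam@example.com
Subject: Urgent
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.test; dkim=pass header.d=gmail.test; dmarc=pass header.from=gmail.test
Content-Type: text/plain; charset="utf-8"

Can you pick up some iTunes gift cards and send me the codes?
"""

LEGITIMATE_INTERNAL = b"""\
From: Jane Doe <jane.doe@example.com>
To: sam@example.com
Subject: All-hands
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset="utf-8"

Reminder: the all-hands is Thursday at 10.
"""

if __name__ == "__main__":
    samples = [("spoofed", SPOOFED_INTERNAL), ("lookalike", LOOKALIKE_EXTERNAL),
               ("legitimate", LEGITIMATE_INTERNAL)]
    for label, raw in samples:
        print(label, check_message(raw) or ["clean"])
```

The first rule only works if the company publishes a DMARC record and its gateway actually evaluates it; the `GATEWAY_ID` check matters because `Authentication-Results` is just a header and an attacker can include a forged "dmarc=pass" line of their own. The second rule is the one most filters skip, and it is the one that catches the free-mail "CEO" variant of this scam.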
Anonymous
In the email warning you sent to employees, did you explicitly make it clear that the phishing emails could appear to come from specific people in your own company from their actual email addresses?

Your IT department sucks, by the way.