Anonymous
05/03/2019 10:05
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:If you don't reimburse this employee they are going to quit within a month. Does that matter to you?
This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?
If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.
Stupidity is not a legal defense.
Anonymous
05/03/2019 09:47
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:If you don't reimburse this employee they are going to quit within a month. Does that matter to you?
This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?
If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.
The company didn't do anything wrong. When a scammer steals your identity and uses it to steal from someone else, you are not liable for theft.
Anonymous
05/03/2019 09:45
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote: The human side of me says you should reimburse half. The business side of me says you should not because they have been worn twice, it was a Gmail address, it was a ridiculous request, it was completely outside of her job duties, it shows a complete lack of judgment. And not that it matters that they’re under 40 but I would expect an older person to fall for such a scam but not somebody who is under 40 and has been around technology for many years.
Like I said, on a personal level I feel badly for the employee. If your company is able to afford it, perhaps reimburse half. Would it be tax-deductible at the end of the year? I would also hold an all company mandatory training ASAP about computer security, phishing etc.
It is tax deductible for the employee as a loss from theft (she should file a police report); but would not be for the company because the company was not the victim. But maybe the CFO could try to spin it otherwise.
Anonymous
05/03/2019 09:36
Subject: Would you reimburse an employee who fell for a phishing scam?
If you don't reimburse this employee they are going to quit within a month. Does that matter to you?
This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?
If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.
This employee may even be pissed off enough to attempt a legal claim against the company. If you don't have an IT department I assume you also don't have in-house counsel. Is incurring those costs, possibly more than the $2000, worth it?
If you are interested in protecting the company, those are the counterarguments you may want to present to the CEO.
Anonymous
05/03/2019 09:13
Subject: Would you reimburse an employee who fell for a phishing scam?
The human side of me says you should reimburse half. The business side of me says you should not because they have been worn twice, it was a Gmail address, it was a ridiculous request, it was completely outside of her job duties, it shows a complete lack of judgment. And not that it matters that they’re under 40 but I would expect an older person to fall for such a scam but not somebody who is under 40 and has been around technology for many years.
Like I said, on a personal level I feel badly for the employee. If your company is able to afford it, perhaps reimburse half. Would it be tax-deductible at the end of the year? I would also hold an all company mandatory training ASAP about computer security, phishing etc.
Like I said, on a personal level I feel badly for the employee. If your company is able to afford it, perhaps reimburse half. Would it be tax-deductible at the end of the year? I would also hold an all company mandatory training ASAP about computer security, phishing etc.
Anonymous
05/03/2019 09:06
Subject: Would you reimburse an employee who fell for a phishing scam?
In my old job, IT sent out quarterly emails on phishing and even would send various employees phishing emails to test them and then talk to their manager and them.
Sorry but this person is an idiot or in on the scam. No CEO would ever do this. I wouldn't compensate him. If he leaves, no biggie as I'd be afraid what other gullible things he could do.
Sorry but this person is an idiot or in on the scam. No CEO would ever do this. I wouldn't compensate him. If he leaves, no biggie as I'd be afraid what other gullible things he could do.
Anonymous
05/03/2019 09:01
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
At our company every email from outside the company comes with a warning notice in big red letters to prevent phishing. We’d cover the screw up but use it as a company wide lesson and announce that going forward we will not cover it.
Anonymous
05/03/2019 08:50
Subject: Would you reimburse an employee who fell for a phishing scam?
The employee is an idiot. If you do reimburse them, it should be on the condition that they receive some real, in-person training on computer security. Maybe your IT people can design some -- it probably wouldn't be a bad idea to offer it anyway.
My office IT people will send out fake phishing emails of various levels of sophistication. Any employee who clicks on a link in the email is required to undergo additional training.
My office IT people will send out fake phishing emails of various levels of sophistication. Any employee who clicks on a link in the email is required to undergo additional training.
Anonymous
05/03/2019 08:11
Subject: Would you reimburse an employee who fell for a phishing scam?
I would but I would have a staff meeting and memo training and making clear that employees must verify purchases or they will NOT be reimbursed.
I have seen some very good, convincing phishing emails come through my company that don’t start off talking about anything like gift cards. That only comes up later if you respond to them and then it looks more real. Luckily for the best I have the sense to call the person and IT so they can take care of it but I can see how an older, tech-unsavvy person could fall for them.
I have seen some very good, convincing phishing emails come through my company that don’t start off talking about anything like gift cards. That only comes up later if you respond to them and then it looks more real. Luckily for the best I have the sense to call the person and IT so they can take care of it but I can see how an older, tech-unsavvy person could fall for them.
Anonymous
05/03/2019 08:10
Subject: Would you reimburse an employee who fell for a phishing scam?
No one is allowed to incur expenses on behalf of the company without approval. Why this employee would suddenly think they should spend $2k of their own money and then get reimbursed is incomprehensible. I wonder if the employee is part of the scam! I don't think you should reimburse but if you do, then yes you need to hold a meeting, make them all sign that they understand the policies, and state firmly that NO ONE will be reimbursed going forward so they better be extra careful. And make sure they know they can't spend ANY money without going through the proper approval process which should be documented in your policies and procedures.
Anonymous
05/03/2019 08:05
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote: No, do not reimburse the employee.
If you do reimburse him/her, then when Tweedle Dee in X Division and Tweedle Dum in Y Division fall for a similar scam, you will have to reimburse them too.
Plus you can’t reimburse the employee because your company is so small that everyone will know and expect reimbursement if they fall for a scam too.
This
Anonymous
05/03/2019 07:56
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:OP, if you already got the answer you seem to want from the HR forum, then why keep this thread going? Some say reimburse, some say don’t.
I'm interested in people's perspective. When I have a discussion with the CEO to make a decision I want to be able to consider all aspects of the issue. The CEO is against reimbursing and I want to present some counter arguments so that we can talk through them and feel confident in our decision.
Anonymous
05/03/2019 07:51
Subject: Would you reimburse an employee who fell for a phishing scam?
OP, if you already got the answer you seem to want from the HR forum, then why keep this thread going? Some say reimburse, some say don’t.
Anonymous
05/03/2019 07:49
Subject: Would you reimburse an employee who fell for a phishing scam?
No, do not reimburse the employee.
If you do reimburse him/her, then when Tweedle Dee in X Division and Tweedle Dum in Y Division fall for a similar scam, you will have to reimburse them too.
Plus you can’t reimburse the employee because your company is so small that everyone will know and expect reimbursement if they fall for a scam too.
If you do reimburse him/her, then when Tweedle Dee in X Division and Tweedle Dum in Y Division fall for a similar scam, you will have to reimburse them too.
Plus you can’t reimburse the employee because your company is so small that everyone will know and expect reimbursement if they fall for a scam too.
Anonymous
05/03/2019 07:48
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:Full disclosure - read the first and last page of this thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
I cannot believe it for the opposite reason. The employee fell for an unsophisticated scam that she was warned about. The company email was not spoofed, it came from a gmail account that would not be filtered. There is no way she should be reimbursed.
+1