Anonymous
05/02/2019 22:14
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
In the email warning you sent to employees, did you explicitly make it clear that the phishing emails could appear to come from specific people in your own company from their actual email addresses?
Your IT department sucks, by the way.
Your IT department sucks, by the way.
Anonymous
05/02/2019 22:04
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:Anonymous wrote:Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.
Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.
And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.
I have a government phone that gets a lot of scam calls - more than my personal cell. If I answer and get scammed, should the government reimburse me because they didn't block the spammers?
To be a valid comparison, your employer would be the one running the phone network, which is unlikely, and the call would have to appear to come from the CEO. OP’s IT vendors are not doing a good job if an email from the outside got in while appearing to come from an internal address. That’s a problem.
Anonymous
05/02/2019 22:02
Subject: Would you reimburse an employee who fell for a phishing scam?
We also have mandatory online trainings and receive fake emails that we are supposed to catch and report. I only fell for one that said there is a puppy running in the hallway, the picture is attached. I opened the attachment, and it said that I wasn't supposed to open anything sent in a suspicious email.Anonymous wrote:Anonymous wrote:Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.
You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.
This.
I might even require a signed form from each employee indicating that the training was attended and that they understand the policies.
Also it should be made very, very clear that employees should ALWAYS get approval for spending for the company.
We have frequent training and fake emails to catch employees, and anyone who misses more than one phish has to go to special training. The results are reported to the top 100 in the company on a monthly basis. Awards are given to the teams that do the best. We joke that we don’t even open emails from our mother anymore.
Anonymous
05/02/2019 21:28
Subject: Would you reimburse an employee who fell for a phishing scam?
Reimburse the employee.
Do a better job with spam filter.
Create processes in your company where only company card can be used to make purchases and and only a few people can make purchases. Create code words that is not shared over email, that should be used when making monetory requests.
But most of all - reimburse the employee.
Do a better job with spam filter.
Create processes in your company where only company card can be used to make purchases and and only a few people can make purchases. Create code words that is not shared over email, that should be used when making monetory requests.
But most of all - reimburse the employee.
Anonymous
05/02/2019 21:18
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Our company has been getting a lot of phishing emails lately. We are working hard with our IT vendors to deal with this and have sent two high priority emails to staff telling them to be careful, explaining what these scams are and what to look out for, and giving steps of what they should do if they receive one.
Over the weekend an employee got an email at their work email address that looked like it was coming from the CEO, asking them to purchase gift cards for him. The employee followed the instructions and wound up spending $2k of their own money on gift cards. When we discovered what happened we instructed the staff member to contact their credit card company, bank and the gift card vendor. All of these told him that since they bought the cards legitimately there is no recourse on their end. I instructed the employee to also file a police report.
From the company perspective we do not feel that we should reimburse the staff member for this cost. I feel terrible for them, but we had sent warnings about this very scenario. Also, the request itself was not anything our CEO would ever ask a staff member to do, so the staff member really should have known better.
Is there anyone that thinks the company should pay the staff member back? Is there anything else we can do?
Why is he checking work emails off of the clock. No way will I do that
Anonymous
05/02/2019 21:15
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Do you want to lose this employee? Yes, you should pay the employee back. He did this to be of service as part of his regular job duties.
Seriously? This was not part of his job duties. Does OP really want an employee this stupid anyway?
Anonymous
05/02/2019 21:12
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.
Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.
And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.
I have a government phone that gets a lot of scam calls - more than my personal cell. If I answer and get scammed, should the government reimburse me because they didn't block the spammers?
Anonymous
05/02/2019 20:49
Subject: Would you reimburse an employee who fell for a phishing scam?
Was the email domain spoofed?
Anonymous
05/02/2019 20:39
Subject: Would you reimburse an employee who fell for a phishing scam?
Honestly, I would reimburse, but I would also let this person go. I can’t imagine a scenario in which I would consider this person to have appropriate judgement.
I would also create specific company policy around spending and reimbursement. Like no costs reimbursed unless paid for through corporate cards. Anyone who does not have a corporate card is not authorized to spend any co money. After that, this employee would not get reimbursed.
I would also create specific company policy around spending and reimbursement. Like no costs reimbursed unless paid for through corporate cards. Anyone who does not have a corporate card is not authorized to spend any co money. After that, this employee would not get reimbursed.
Anonymous
05/02/2019 20:31
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.
Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.
And frankly, you should reimburse the employee the $2k, and thank them for exposing the flaws in your current technology setup. Because if that hole is open, I can only imagine how many other holes are open as well. You have problems, and this hapless employee is just the tip of the iceberg.
Anonymous
05/02/2019 20:28
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:The employee should be paid back and you should invest in better IT controls and training for all employees.
Agree. Something is wrong with your spam filters if they allowed an email to go through that spoofed an email address from your own domain. You need to talk to your IT people.
Anonymous
05/02/2019 20:09
Subject: Would you reimburse an employee who fell for a phishing scam?
This happened to a coworker of mine. She was not reimbursed (amount was under $1K but still brutal as young employee). It seemed to all of us that it was quite unfortunate but not employer's fault that she fell for scam.
Anonymous
05/02/2019 20:03
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:
You need to reimburse because it was the first time and you did not adequately explain.
You convene a company wide meeting which all must attend, you explain what happened, and you say that in the future, no one will be reimbursed.
This.
I might even require a signed form from each employee indicating that the training was attended and that they understand the policies.
Also it should be made very, very clear that employees should ALWAYS get approval for spending for the company.
We have frequent training and fake emails to catch employees, and anyone who misses more than one phish has to go to special training. The results are reported to the top 100 in the company on a monthly basis. Awards are given to the teams that do the best. We joke that we don’t even open emails from our mother anymore.
Anonymous
05/02/2019 19:52
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:I'd reimburse because I'd feel bad if I didn't. Then I'd said an email stating someone fell for the scam (leave out names). Reiterate the signs of a scam, give specific directions of who to call or what to do if they get something suspicious, that even if it appears to be a legitimate email, please check with X person before spending money, do not hit reply to an email before verifying whether or not it's spam, and most importantly, going forward if someone does fall for the scam and does not do the proper steps beforehand, they will not be reimbursed
But an email already was sent stating all of this. To me, that is enough to justify not reimbursing.
Anonymous
05/02/2019 19:40
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
I wouldn't reimburse it. I really hope this person isn't in a position of any kind of authority and doesn't work without close supervision, because they have incredibly poor judgment.