Anonymous
05/03/2019 07:45
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Full disclosure - read the first and last page of this thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
I completely agree.
Anonymous
05/03/2019 07:39
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:This is the OP. A few answers:
--We are a small company, fewer than 50 employees. We do not have an "IT department." We have one person who has been working round the clock trying to fix our filters once we noticed this starting a few weeks ago.
--We sent high priority emails to all staff to put them on alert for this exact type of scam.
--The emloyee's age isn't really relevant but they are younger than 40.
--The email was not spoofed. It came from a Gmail account with the CEO's name attached.
Also, I'll just note that when I put the same question out to a forum of HR professionals and almost all of them say they would not reimburse the employee.
That is because they know what they are talking about, while most people responding here are employees and thus are taking on the employee's "I hope someone bails me out for my stupidity" point of view. The company is not at fault. The phisher could have used any name. The CEO is as much a victim here as the employee, except the employee violated your express policy. Whether or not the employee is disciplined for this breach (because now your company is a live target) depends on how good the phisher was and how reasonable you think falling for it was.
Anonymous
05/03/2019 07:31
Subject: Would you reimburse an employee who fell for a phishing scam?
If you reimburse the employee she will never learn
Anonymous
05/03/2019 07:31
Subject: Would you reimburse an employee who fell for a phishing scam?
I would reimburse half at the most.
Most important, I would fire the employee. They disregarded the phishing warning and are a major liability. Moreover, they are an idiot.
Most important, I would fire the employee. They disregarded the phishing warning and are a major liability. Moreover, they are an idiot.
Anonymous
05/03/2019 07:30
Subject: Would you reimburse an employee who fell for a phishing scam?
This is the OP. A few answers:
--We are a small company, fewer than 50 employees. We do not have an "IT department." We have one person who has been working round the clock trying to fix our filters once we noticed this starting a few weeks ago.
--We sent high priority emails to all staff to put them on alert for this exact type of scam.
--The emloyee's age isn't really relevant but they are younger than 40.
--The email was not spoofed. It came from a Gmail account with the CEO's name attached.
Also, I'll just note that when I put the same question out to a forum of HR professionals and almost all of them say they would not reimburse the employee.
--We are a small company, fewer than 50 employees. We do not have an "IT department." We have one person who has been working round the clock trying to fix our filters once we noticed this starting a few weeks ago.
--We sent high priority emails to all staff to put them on alert for this exact type of scam.
--The emloyee's age isn't really relevant but they are younger than 40.
--The email was not spoofed. It came from a Gmail account with the CEO's name attached.
Also, I'll just note that when I put the same question out to a forum of HR professionals and almost all of them say they would not reimburse the employee.
Anonymous
05/03/2019 07:29
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:I can't believe some of the responses here.
Of course you reimburse the employee. While the employee sounds gullible and needs a stern warning, this sounds more like an IT fail than anything else. I also agree with the PPs that this $2000 would be a huge part of a lower level employee's pay. Use the gift cards for another reason (for use by travelers to pay for air fare or hotels, etc.) and look at it as a zero net impact. You haven't lost any money and you haven't made any money. And get your IT department to beef up its monitoring systems.
The gift cards are gone. They cannot be used by the company.
Anonymous
05/03/2019 07:27
Subject: Would you reimburse an employee who fell for a phishing scam?
They are stupid, no one purchases from their personal account without written approval. Sound like the employee was trying to make money, got scammed and are trying to recover money. Don't reimburse.
Anonymous
05/03/2019 07:21
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Full disclosure - read the first and last page of this thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
I cannot believe it for the opposite reason. The employee fell for an unsophisticated scam that she was warned about. The company email was not spoofed, it came from a gmail account that would not be filtered. There is no way she should be reimbursed.
Anonymous
05/02/2019 23:17
Subject: Would you reimburse an employee who fell for a phishing scam?
How old was this employee?
Sorry if it was said earlier. I don't have the patience to read through 7 pages on this topic.
Sorry if it was said earlier. I don't have the patience to read through 7 pages on this topic.
Anonymous
05/02/2019 23:14
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:You are wrong and I hope you do not have a professional job.
My company has a huge network set up to deal with this. It been attempted many times but our admins always alert us when there is a threat.
You sound dim, PP.
Riiiiight. I’m “dim” because I wouldn’t fall for a phishing scam! You got me!
Anonymous
05/02/2019 23:12
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Full disclosure - read the first and last page of this thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
The employee responded to a GMAIL address saying it was the CEO. If he can’t figure out that the CEO would contact him via company email he’s an idiot. Also, when you get a crazy request like this, even if you think it’s true you should at least notify your manager before you charge thousands on your credit card.
Anonymous
05/02/2019 23:11
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
You are wrong and I hope you do not have a professional job.
My company has a huge network set up to deal with this. It been attempted many times but our admins always alert us when there is a threat.
You sound dim, PP.
My company has a huge network set up to deal with this. It been attempted many times but our admins always alert us when there is a threat.
You sound dim, PP.
Anonymous
05/02/2019 23:09
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:I agree with PPs who think your IT department had a big fail here. The employee should have known better but your IT department failed, you have insurance and you can deduct the cost as a business expense. How small are you, exactly? Is the employee older? Hourly worker? Low compensation? I would probably reimburse a portion.
How did the IT department fail?
Anyone can google company and find out the name of the CEO. Anyone can make a gmail account with the CEOs name. Obtaining contact emails for employees is not difficult.
How was the IT department supposed to know to block this particular gmail address from contacting stupid employee?
It’s his fault and his fault alone. I wouldn’t reimburse and if he quits over it, then you’re out ahead because you have one fewer idiot on your team. When someone shows you they have no common sense, believe them.
Anonymous
05/02/2019 23:08
Subject: Re:Would you reimburse an employee who fell for a phishing scam?
Full disclosure - read the first and last page of this thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
Your company should absolutely reimburse this employee. Who is responsible for the security of your company website and emails? Your company!
I cannot believe this is even a thread let alone a seven page thread.
Anonymous
05/02/2019 23:03
Subject: Would you reimburse an employee who fell for a phishing scam?
Anonymous wrote:Anonymous wrote:Was the email domain spoofed?
No, the name was the CEO but the email address was a gmail account.
The employee is an idiot.
The people who run these scams just google companies and create an email with the bosses name. If he bought crap for a rando with a Gmail account he should be fired. I would forever be questioning his judgment. It would be hard to trust him with anything of importance. He has no common sense.