LEXINGTON, Ky. (WTVQ) – An administrative assistant at a Lexington insurance firm narrowly avoided losing $800 to a scammer pretending to be her boss in a message to her office email address, according to the Better Business Bureau.
The case is an example of a growing number of scams being reported to the BBB, many related to the coronavirus outbreak and taking advantage of everything from people working from home to government benefits.
In the Lexington case, the woman submitted this report to BBB Scam Tracker:
“I received an email that looked like it came from my boss asking for my cell phone number. My boss’ name appeared as the contact so I didn’t think to check that the email address matched. Plus, he or she addressed me by name. After I gave him my number, the scammer texted and asked me to go to the store to buy some gift cards, scratch off the back, and text him pictures of them. That was when I realized it was a scam and I double checked the email address to see it was a strange one.”
The assistant had recently been instructed by her supervisor to purchase local fast food gift cards as a ‘boost’ for employees as they adjust to working remotely during the COVID-19 pandemic.
She was not surprised at the latest request…until the scammer told her to use her own credit card to buy $800 worth of Google Play cards and wait to be reimbursed.
She also noticed that the texts came from an out of area phone number that is not her supervisor’s number. She texted back letting the scammer know she wasn’t falling for the con.
“This con is known as the Business Email Compromise (BEC) scam,” said Heather Clary, BBB Director of Communications. “A scammer poses as a reliable source who emails from a spoofed or hacked account to an employee, asking him or her to wire funds or buy gift cards. With so many people working remotely because of the COVID19 pandemic, it would be easy for an employee to fall for this scam.”
A study by Better Business Bureau (BBB) finds business email compromise scams are skyrocketing in frequency and have cost businesses and other organizations more than $3 billion since 2016.
BBB urges businesses to consider the following suggestions:
Assess Vulnerabilities: When employees are physically separated, in-person verifications for emails, texts, or similar requests involving financials or wire transfers are no longer possible. Put policies in place so requests for financial information or transfers are verified first.
HR Scams on the Rise: The latest twist involves HR Departments receiving calls or emails from a current employee asking to update his direct deposit or mailing information to receive paychecks. The request isn’t genuine, and the employee’s paycheck has just been stolen. If an employee calls in from a number not on file, ask to call him or her back at the number listed with the business. If email requests are received, call the employee to verify the request.
Staff Training: If your company doesn’t already have a security training program in place, now is the time to beef up staff training. It only takes one successful phishing attack to compromise a company’s network, steal millions of dollars or lose the trust of your customers. BBB State of Cyber Security is a source that’s free and provides the basics on securing your business.
The public may report scams to BBB Scam Tracker at www.bbb.org/scamtracker.