Skip to main content
close search
site logo
Dive Brief

Gift card spear-phishing scams targeting receptionists, assistants

Published Dec. 3, 2018
By
Valerie Bolden-Barrett Contributor
Deposit Photor

Dive Brief:

  • Gift card spear phishing is an emerging cybersecurity workplace risk that often tricks receptionists, office managers and executive assistants into sending gift cards to attackers, according to researchers at Barracuda Networks. The scammers sometimes claim the cards are surprise rewards for employees and therefore a secret. The emails are often sent from trusted email domains, lack malicious links or files and aren't recognized as threats by traditional email providers. Attackers are taking advantage of the holidays, when gift cards are widely used, researchers said.
  • Attackers pretend that they're CEOs or other senior managers and are aware that lower-level employees are most likely to handle gift card requests and less likely to deny requests from top executives. Other emails use such tactics as implied urgency or specific details to make the email seem more legitimate.
  • Training employees to spot such attacks goes a long way in stopping them, the experts said. Barracuda Network researchers also recommended use of an artificial intelligence-based email security solution, which, for example, can recognize email addresses that the CEO wouldn't normally use.

Dive Insight: 

In a modern business environment, HR and IT are working together to reach certain goals, especially security goals that require a well-trained employee base. HR can work with IT to help employees avoid falling for these scams and understand what technology is needed to ward off attacks. Together, the departments can make employees aware of the attack and steps to take should they receive such an email.

Many organizations, however, are unhappy with the state of their cybersecurity culture. A poll of 4,800 business and technology professionals found that only 5% of organizations think their cybersecurity cultures are as advanced as they should be, according to the Information Systems Audit and Control Association (ISACA). To solve this issue, ISACA suggests investing more in training and directly involving employees in the cybersecurity process.

A 2017 report from Cisco and the Trivalent Group emphasizes the importance of cutting down on the time between an attack and its detection in preventing extensive damage. Employers’ cybersecurity systems must be capable of detecting and responding quickly to an attack — and that increasingly includes training employees on the front lines.

Filed Under: HR Management

Editors' picks

Company Announcements

View all | Post a press release
Improvizations Signs Letter of Intent to Acquire The FASE Group
From Improvizations, LLC
November 12, 2024
LearnLux Financial Wellbeing Named Top 25 Work Tech Vendor
From LearnLux
November 07, 2024
New Research Reveals U.S. HR Leaders are Too Overwhelmed to Keep Up with New Technology Trends…
From aconso
November 20, 2024
CuraLinc Healthcare Expands Partner Network Announcing Strategic Oshi Health Partnership
From CuraLinc Healthcare
November 05, 2024
Editors' picks
Latest in HR Management
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell