When a company’s employee falls victim to a phishing scam, it can create serious reputational damage. Once a scammer has access to your internal systems, they can pose as an employee and wreak havoc on your brand. Even when you explain that it was not a member of your team making them a job offer, requesting a password, sending a virus-laden attachment, etc., the victim may feel like your company didn’t do enough to prevent it. We’ve helped several clients navigate these situations with internal and external communications strategies. Think it can’t happen to you? You might surprised.
A near-miss and cautionary tale
Because of their connection to reputation management, I’m always learning about new scams. Even though I’m generally on high alert, I almost handed over a password to someone I thought was emailing me from Meta Business. They were flagging a paid post on Facebook for copyright infringement. It included an image I wasn’t convinced the client had permission to use, so it struck a nerve. It was also a super busy day of meetings and I let my guard down for a moment out of fear that we might lose access to the account. Fortunately for me, I couldn’t remember the password! That forced me to pause, talk it over with a colleague and realize the sender’s address was bogus. Phew.
Media buyers beware
Over the last month or so, I’ve seen two attempted scams come through our website contact form that I’d not seen before. A marketing representative from a consumer product brand is looking for a firm to develop a paid media strategy and buy the advertisements. They provide just enough background information to make you think it could be legit. In fact, I’ve gotten much less from good prospects via our contact form!
With the first one (pasted below), my coworker was skeptical but I was marginally curious. I simply reached out to let her know we weren’t a good fit. She replied with detailed background information, which only confirmed this person was not who she said she was. Of course, there was a PDF attachment I didn’t download and links I didn’t click on.
Fast forward to this week, and I received a second query for a media buying proposal. A Pulitzer Prize-winning journalist I know once told me, “When you’ve heard something three times, it’s newsworthy.” I decided not to wait for the third to send out a warning.
If this post helps just one company pause long enough to avoid becoming a victim of a phishing scam and suffering reputational damage, it will be worth it. What scams are you seeing at your company? Share in the comments so we can look out for each other.