What Happened?
An employee at a small company received what they believed were legitimate emails from a senior colleague, requesting assistance with purchasing Apple gift cards. The emails were detailed, personalised, and appeared urgent. The scammer, posing as someone named “Billy Joe,” contacted the employee using the address officemailed69@gmail.com—a non-corporate email meant to resemble an internal account.
Over the course of a few hours, “Billy Joe” convinced the employee, Rachel, to buy nine €200 gift cards, take photos of each one, and email them back. Believing this was an approved and urgent task, Rachel followed through—sending over €1,800 worth of gift codes to a scammer.
The scam was only uncovered when suspicions arose during conversations with other staff. Unfortunately, by then, the codes had already been sent.
The Anatomy of the Scam
This type of attack is known as Business Email Compromise (BEC) or Impersonation Fraud. Here’s how the attacker gained control:
- Used a free Gmail account similar to a colleague’s name.
- Created urgency and confidentiality, pressuring the employee to act quickly and quietly.
- Used casual, friendly language to appear trustworthy and authentic.
- Directed actions step-by-step, controlling the conversation the entire time.
Warning Signs to Watch Out For
While the scammer was clever, there were subtle red flags throughout:
- External email address: Legitimate company communications should always come from official company domains.
- Unusual requests: Buying gift cards and sending codes over email isn’t typical business behaviour.
- Urgency and secrecy: Scammers often stress the need for discretion to avoid scrutiny.
- Spelling and grammar: Some small grammatical errors can be a giveaway, though many scammers are improving in this area.
How Staff Can Be Trained to Spot and Stop These Attacks
Human error is often the weakest link in cyber defence. That’s why staff training is just as crucial as strong passwords or firewalls. Here’s how to get ahead of the next attack:
1. Establish Clear Policies
Make it a rule: no purchases or transfers without verbal confirmation. If someone is asked to make a financial transaction via email or text, they should double-check—preferably by phone or in person.
2. Educate About Red Flags
Run regular sessions highlighting the signs of phishing, spoofing, and impersonation emails. Use real-world examples like this one to drive the point home.
3. Encourage a Culture of Caution
No employee should feel afraid to question a request that seems odd. Encourage staff to speak up if something doesn’t feel right.
4. Implement Technical Controls
Use tools that flag or block emails from external domains that mimic internal ones. Microsoft 365 and Google Workspace both offer such features.
How CK Computer Solutions Can Help
At CK Computer Solutions – Managed IT Services Dublin, we know these types of scams are on the rise. As a trusted Managed Service Provider (MSP), we help businesses like yours protect, prevent, and respond to cyber threats.
Here’s how we can support you:
- Email security and filtering tools that block suspicious senders before they reach your inbox.
- Staff cybersecurity training to ensure your team knows how to identify and report scams.
- Incident response planning so if a breach does happen, you’re prepared to act fast.
- Monitoring and alert systems to spot and shut down suspicious activity in real time.
Our team works closely with you to build a secure environment from the inside out—protecting not only your systems but also your people.
What To Do If You’ve Fallen Victim of a scam
If you suspect you’ve been tricked like in the case above, act immediately:
- Notify your IT department or MSP (like CK Computer Solutions).
- Contact your bank to block any possible reimbursements or transfers.
- Report the scam to An Garda Síochána and the National Cyber Security Centre (NCSC).
- Inform your team and check if any other staff received similar messages.
The sooner you act, the higher your chances of recovering funds or at least preventing further damage.
Scammers are getting smarter, but so can we. With the right mix of awareness, training, and professional IT support, businesses can significantly reduce their exposure to these types of fraud.
Don’t wait until you’re out of pocket—get ahead of the threat with the help of CK Computer Solutions. We’re here to make sure your systems and staff are always one step ahead.