Phishing Scams: Should Employees Be Held Accountable?

Source: Maureen Minehan, Employment Alert, Volume 36 Issue 12, June 13, 2019
(subscription required)

An administrative assistant receives an email from a senior executive asking her to purchase 100 $25 gift cards to be distributed electronically to staff as a thank you for their hard work. The employee purchases the cards, charging the expense on her personal credit card. She sends the executive the cards as requested and submits the charge for reimbursement. When the accounts payable team contacts the executive for approval of the reimbursement, everyone gets a big surprise—the executive never asked for the gift cards. The employee has fallen for what’s known as a “phishing” scam, and the scammers have already emptied the cards of their balances.

While the employee is contrite, the executive does not want to reimburse her because she believes the employee should have known better. The entire company had recently received correspondence from the IT department about phishing scams and how to avoid becoming a victim. The employee argues you have an obligation to pay her because she was acting in good faith to perform what she perceived as a duty of her job. The CEO of your organization wants to fire her for putting the company at risk.

If this sounds far-fetched, it’s not. A similar scenario recently played out at a company in the Washington, D.C. area. In the end, the company reimbursed the employee for half of the gift cards’ costs, but hard feelings remain on all sides…