A personal experience and warning about social engineering scams

We talk a lot about ways to keep safe from scams. Many of us have first-hand experience which can serve as warnings to others. In much the same way as Sue experienced in her article, I had one such experience which I hope can help you be vigilant to protect yourself from falling victim in the future.

I have worked in the Information Technology industry for many years. Specifically, I have been involved in internet-related technology which means I am savvy with trends and possible scams that are going around. Even with over 30 years of experience in the field, I still came very close to falling victim to a social engineering scam. Let me set the scene for you.

I recall speaking with my boss in the office after hours while I was on my way out the door. As we often did, we discussed the successes and challenges of the day and what we had coming up in the future. During that conversation, she mentioned she was going to a conference the following day – which was not unusual.

The next morning, I received an email from her asking for my help. The email said she had not had time to get some “swag” for the people at the conference and hoped I could help. She asked if I could get some ITunes Gift Cards so she could hand them out to people she met at the conference. Bear in mind, this was an email that was in plain text, had unusual grammar and from an email address that was not her work address. I noticed these things at the time but I also knew the resourcefulness (and sometimes impetuousness) of this person so assumed she was using a public kiosk or someone else’s device to reach out. So I decided this seems likely and went ahead with it. I decided that the easiest place to pick up the ITunes Gift Cards was from Woolworths on my way to work. So I hopped in the car, drove to the store and found the cards she asked for.

“I’m in a conference right now, I should have called you, but calls are not allowed during the meetings, I don’t know when the meeting will be rounding up, I am so tied up right now, there are some listed guests here. I am presenting the gift card to them. Can you purchase an iTunes gift card for 5 pieces – $100 each at any nearby store? I would reimburse you once I am through later today, I would prefer to call you but can’t receive or call at the moment with my line. Let me know if you can handle it now.”

On my way to the checkout, I just could not shake the feeling that something was not right. I dismissed it and placed the cards on the checkout, prepared to pay for them. Remember, she said she would reimburse me for the costs so it would only be a short-term investment. Before scanning the cards, the person at the checkout asked me, “Are you buying these for yourself?” I said, “No, I am buying them for people I work with”. She replied to me, “We have to ask this because there are scammers who make money from ITunes Gift Cards”. This was the moment where I decided to listen to that voice in the back of my head questioning if the email was actually from my boss. I paused the checkout transaction and walked outside to think things through.

I decided to call my boss and verify the whole thing. She did mention that she wasn’t allowed to make calls, but I then questioned why that would be. It’s not like she was in Grade 9 Physics class and the teacher wouldn’t allow devices. So I called her and asked about the entire thing. I asked her if she had been communicating with me via email about buying ITunes Gift Cards. She flat out said she was not.

What?! Who had I been talking to?! What was I thinking?! I sat there dumbfounded for a minute. Shaken and disappointed in myself for not listening to my own doubts. I shook it off, walked back to my car and left for work. We also decided to share this experience with the rest of the company so no-one else fell prey to the same thing.

So you can see how easy it is to be caught up in these scams. I like to think that I have strong security senses when it comes to the internet, but this came at me from a different angle. Instead of directly attacking me with a virus or malicious software, the attacker used social engineering to convince me this was legitimate. I am thankful for a number of things but the most important lesson I learned is to trust your instincts.

Remember these simple points

• Talk to someone about it
• Verify with the person if you can
• Do due diligence on the request

Here are some simple guidelines to follow when you think something doesn’t seem right

• Talk to someone about it – in my scenario above, I could have mentioned the communication to someone and might have learned about the scam. Kudos to Woolworths for requiring their checkout people to challenge purchases
• Verify with the person – I would not have wasted my time if I had called my boss instead of communicating via email. Email is such an easy impersonation vehicle that I am sure my boss would not have questioned me verifying earlier in the communication
• Do due diligence – even a quick internet search about the topic in question could raise red flags. This scenario was related to ITunes Gift Cards so I could have searched for “ITunes Gift Card scam” and seen so many results

Looking back, I can see the warning signs I missed. The urgency, the pressure, and the unusual payment request were all red flags. But in the moment, the scammers knew exactly how to push my buttons, making me feel as though I had no choice but to comply. It was a harsh lesson, but one that made me more cautious and informed.

The experience taught me the importance of slowing down and questioning unusual demands—especially when they involve money. No legitimate organisation will ask for payment through gift cards, and anyone who does is almost certainly a scammer. I also learned that reporting such scams is crucial. While I couldn’t get my money back, I could help prevent others from falling victim. A simple internet search can often help.

Internet Search keywords you can use to verify for a scam relating to buying the Brooklyn Bridge – “scam brooklyn bridge”. It’s as easy as that – just type the topic of the conversation and add the word scam. NB it’s best to start the search with the word scam because the word relevancy is determined left to right.

If you ever receive a call, email, or message that feels urgent and involves an unexpected financial request, take a step back. Talk to someone you trust, verify the details, and never let fear dictate your actions. Scammers thrive on manipulation, but awareness and caution are powerful defenses. My hope is that by sharing my story, others can avoid the same costly mistake.